
Need Help Removing Pop-up Advertisements


18 replies to this topic

#1 capurp

  • Members
  • 12 posts

Posted 07 April 2008 - 01:14 PM

Hey, pop-up advertisements such as buycheapadvertisements.com are appearing every time I open my Internet Explorer. I've run AVG, Spybot, and Ad-Aware; none of them have been able to remove the pop-ups. No idea what kind of infection this is.

Thanks for all the help.


Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-04-07 14:03:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
27: 2008-04-07 19:03:53 UTC - RP27 - Deckard's System Scanner Restore Point
26: 2008-04-07 14:42:05 UTC - RP26 - Installed Ad-Aware 2007
25: 2008-04-06 20:05:43 UTC - RP25 - System Checkpoint
24: 2008-04-06 17:51:12 UTC - RP24 - Installed AVG 8.0
23: 2008-04-06 17:37:54 UTC - RP23 - Last known good configuration


-- First Restore Point --
1: 2008-04-06 17:37:44 UTC - RP1 - Installed HP Deskjet 3840


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-07 14:05:46
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.11)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\hp\KBD\kbd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Dragon IPTV StarCast\DragonIPTVUpda.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {7EA45D31-7D44-4E7B-A449-AB958B5E45ED} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HP Organize.lnk = C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: fccabcb - C:\WINDOWS\system32\fccabcb.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Goosean: DragonIPTV.exe update permissions manager. 121028. - Unknown owner - C:\Program Files\Dragon IPTV StarCast\DragonIPTVUpda.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


--
End of file - 9642 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 atmepvcc - c:\windows\system32\drivers\atmepvcc.sys
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys (file missing)
S3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys (file missing)
S3 smserial - c:\windows\system32\drivers\smserial.sys (file missing)
S3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Goosean: DragonIPTV.exe update permissions manager. 121028. - c:\program files\dragon iptv starcast\dragoniptvupda.exe -permissionmanagerrun

S3 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice <Not Verified; Pure Networks, Inc.; Pure Networks Net2Go Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-21 11:50:20 278 --a------ C:\WINDOWS\Tasks\Easy Internet Sign-up.job
2005-02-15 12:46:23 364 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-03-07 and 2008-04-07 -----------------------------

2008-04-07 13:51:22 0 d-------- C:\ComboFix[1]
2008-04-07 13:49:26 0 d-------- C:\VundoFix Backups
2008-04-07 13:28:08 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-04-07 13:27:57 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-07 13:27:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-07 09:42:20 0 d-------- C:\Program Files\Lavasoft
2008-04-07 09:42:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-07 09:41:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-06 23:31:35 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-04-06 23:31:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-04-06 18:34:14 0 d--h----- C:\$AVG8.VAULT$
2008-04-06 13:00:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 12:56:46 49170 --a------ C:\WINDOWS\system32\jkwnw64p.exe <Not Verified; ; Browser Driver>
2008-04-06 12:51:32 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-06 12:51:21 0 d-------- C:\Program Files\AVG
2008-04-06 12:51:21 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-06 12:37:33 7142 --ahs---- C:\WINDOWS\system32\gfhkj.ini2
2008-04-06 12:37:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\MEGAUPLOADTOOLBAR
2008-04-06 12:36:58 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-04-06 12:33:12 937 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-06 12:32:43 0 d--hs---- C:\WINDOWS\IA
2008-04-06 12:32:35 86144 --a------ C:\WINDOWS\system32\drivers\atmepvcc.sys
2008-04-06 12:32:31 0 d-------- C:\WINDOWS\system32\wii
2008-04-06 12:32:31 0 d-------- C:\WINDOWS\system32\pinz1
2008-04-06 12:32:30 0 d-------- C:\WINDOWS\system32\IDE2
2008-04-06 12:32:30 0 d-------- C:\WINDOWS\system32\ExTmp
2008-04-06 12:32:22 0 d-------- C:\WINDOWS\system32\bharebio01
2008-04-06 12:27:08 0 d-------- C:\WINDOWS\Sun
2008-04-06 11:02:31 0 d-------- C:\Program Files\WinAVI Video Converter
2008-04-01 21:07:27 0 d-------- C:\temp
2008-03-31 04:02:32 967 --a------ C:\WINDOWS\ScUnin.pif
2008-03-31 04:02:32 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-03-31 04:02:32 38807 --a------ C:\WINDOWS\scunin.dat
2008-03-26 17:28:26 3532 --a------ C:\drmHeader.bin
2008-03-24 23:05:14 0 d-------- C:\Program Files\MegauploadToolbar
2008-03-24 23:05:13 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\MegauploadToolbar
2008-03-24 19:22:01 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2008-03-24 19:20:09 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-24 15:46:11 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\DivX
2008-03-23 18:01:14 0 d-------- C:\Program Files\DivX
2008-03-22 21:30:20 0 d-------- C:\Program Files\Dragon IPTV StarCast
2008-03-22 14:19:48 0 d-------- C:\WINDOWS\system32\LogFiles
2008-03-22 09:03:52 0 d-------- C:\Program Files\uTorrent
2008-03-22 09:03:45 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\uTorrent
2008-03-21 12:41:49 0 d-------- C:\PC_Games
2008-03-21 12:36:15 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Microsoft Web Folders
2008-03-21 12:32:00 44544 -ra------ C:\WINDOWS\system32\MSXML4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-03-21 12:32:00 626960 -ra------ C:\WINDOWS\system32\hpvaut32.dll <Not Verified; Microsoft Corporation; >
2008-03-21 12:29:33 0 d-------- C:\Hp Printer
2008-03-21 12:17:22 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-03-21 12:10:50 0 d-------- C:\WINDOWS\nview
2008-03-21 12:08:31 0 dr-hs---- C:\cmdcons
2008-03-21 12:08:27 0 d-------- C:\WINDOWS\setup.pss
2008-03-21 12:05:23 0 dr-h----- C:\Documents and Settings\HP_Owner\Recent
2008-03-21 12:04:01 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\InterMute
2008-03-21 12:04:01 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Identities
2008-03-21 12:04:01 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2008-03-21 12:04:00 0 d-------- C:\Documents and Settings\HP_Owner\WINDOWS
2008-03-21 12:04:00 0 d--h----- C:\Documents and Settings\HP_Owner\Templates
2008-03-21 12:04:00 0 dr------- C:\Documents and Settings\HP_Owner\Start Menu
2008-03-21 12:04:00 0 dr-h----- C:\Documents and Settings\HP_Owner\SendTo
2008-03-21 12:04:00 0 d--h----- C:\Documents and Settings\HP_Owner\PrintHood
2008-03-21 12:04:00 0 d--h----- C:\Documents and Settings\HP_Owner\NetHood
2008-03-21 12:04:00 0 dr------- C:\Documents and Settings\HP_Owner\My Documents
2008-03-21 12:04:00 0 d--h----- C:\Documents and Settings\HP_Owner\Local Settings
2008-03-21 12:04:00 0 dr------- C:\Documents and Settings\HP_Owner\Favorites
2008-03-21 12:04:00 0 d-------- C:\Documents and Settings\HP_Owner\Desktop
2008-03-21 12:04:00 0 d--hs---- C:\Documents and Settings\HP_Owner\Cookies
2008-03-21 12:04:00 0 dr-h----- C:\Documents and Settings\HP_Owner\Application Data
2008-03-21 12:04:00 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Symantec
2008-03-21 12:04:00 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Sun
2008-03-21 12:04:00 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2008-03-21 12:04:00 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Real
2008-03-21 12:03:59 2359296 --ah----- C:\Documents and Settings\HP_Owner\NTUSER.DAT
2008-03-21 12:02:49 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-03-21 12:02:04 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-03-21 12:02:04 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2008-03-21 12:02:04 0 d-------- C:\Documents and Settings\Default User\Application Data\Sun
2008-03-21 12:02:04 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView
2008-03-21 12:02:04 0 d-------- C:\Documents and Settings\Default User\Application Data\Real
2008-03-21 12:02:04 0 d-------- C:\Documents and Settings\Default User\Application Data\InterMute
2008-03-21 12:02:04 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-03-21 11:59:06 0 d-------- C:\WINDOWS\Prefetch
2008-03-21 11:55:37 0 d--hs---- C:\System Volume Information
2008-03-21 09:42:30 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Adobe
2008-03-21 09:28:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-21 09:26:24 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-21 09:26:23 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-21 09:23:30 0 d-------- C:\Program Files\Yahoo!
2008-03-21 09:23:23 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-03-21 09:20:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-21 09:06:07 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Macromedia
2008-03-21 09:03:32 0 d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-03-21 09:03:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-03-21 09:03:13 0 d-------- C:\Program Files\Pure Networks
2008-03-21 02:34:27 246 --a------ C:\WINDOWS\system\hpsysdrv.dat
2008-03-21 02:32:33 0 d-------- C:\WINDOWS\I386
2008-03-21 02:23:29 0 dr-h----- C:\MSOCache
2008-03-21 02:23:25 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-03-21 02:23:25 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-03-21 02:23:25 0 d--h----- C:\Documents and Settings\Default User\Local Settings
2008-03-21 02:23:25 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-03-21 02:23:24 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-03-21 02:23:24 0 dr------- C:\Documents and Settings\All Users\Documents
2008-03-21 02:23:22 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-03-21 02:22:54 0 dr------- C:\WINDOWS\Offline Web Pages
2008-03-21 02:21:43 0 dr-hs---- C:\WINDOWS\system32\dllcache


-- Find3M Report ---------------------------------------------------------------

2008-04-07 13:40:02 3645 --a------ C:\WINDOWS\viassary-hp.reg
2008-04-07 10:16:50 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-07 09:41:23 0 d-------- C:\Program Files\Common Files
2008-04-06 18:12:12 0 d-------- C:\Program Files\Symantec
2008-03-21 12:35:55 0 d-------- C:\Program Files\microsoft frontpage
2008-03-21 12:31:10 0 d-------- C:\Program Files\HP
2008-03-21 12:31:08 0 d-------- C:\Program Files\Hewlett-Packard
2008-03-21 11:50:20 0 d-------- C:\Program Files\Easy Internet signup
2008-02-20 21:05:44 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-20 21:04:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-02-20 21:04:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-20 21:04:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 21:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 21:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 21:04:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 21:03:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7EA45D31-7D44-4E7B-A449-AB958B5E45ED}]
C:\WINDOWS\system32\jkhfg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [02/15/2005 11:42 AM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 06:04 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2004 05:59 PM]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 07:06 PM C:\WINDOWS\AGRSMMSG.exe]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [06/07/2004 08:53 PM]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [06/07/2004 08:42 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 09:02 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/15/2005 12:09 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/14/2004 02:04 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/14/2004 10:43 PM]
"SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [08/05/2004 07:23 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 10:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/25/2004 11:17 PM]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [10/14/2004 11:54 PM]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [12/14/2004 04:23 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/11/2006 08:43 PM]
"nwiz"="nwiz.exe" [08/11/2006 08:43 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [08/11/2006 08:43 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2004 06:03 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 08:38 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [01/13/2006 07:13 PM]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [06/23/2006 08:45 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/15/2005 12:18 PM]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:00 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 04:06 PM]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2/15/2005 12:22:28 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/5/2004 5:28:24 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 7:05:56 AM]
SpySubtract.lnk - C:\Program Files\InterMute\SpySubtract\sslaunch.exe [2/15/2005 12:21:02 PM]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2/15/2005 12:23:13 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccabcb]
fccabcb.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
AutoRun\command- D:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-04-07 14:07:05 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.93GHz
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 503.48 MiB / 116.11 MiB
Pagefile Memory (total/avail): 1230.24 MiB / 778.8 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.25 MiB

C: is Fixed (NTFS) - 66.92 GiB total, 46.49 GiB free.
D: is Fixed (FAT32) - 7.59 GiB total, 2.27 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 2 partitions
\PARTITION0 - Unknown - 7.61 GiB - D:
\PARTITION1 (bootable) - Installable File System - 66.92 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus v8.0 (AVG Technologies) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\PC_Games\\Starcraft\\StarCraft.exe"="C:\\PC_Games\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft - Brood War"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Dragon IPTV StarCast\\DragonIPTV.exe"="C:\\Program Files\\Dragon IPTV StarCast\\DragonIPTV.exe:*:Enabled:DragonIPTV"
"C:\\PC_Games\\Starcraft\\Starcraft\\StarCraft.exe"="C:\\PC_Games\\Starcraft\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Pure Networks\\Network Magic\\nmsrvc.exe"="C:\\Program Files\\Pure Networks\\Network Magic\\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Network Magic Service"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FAMILYCOMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Owner
LOGONSERVER=\\FAMILYCOMPUTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
USERDOMAIN=FAMILYCOMPUTER
USERNAME=HP_Owner
USERPROFILE=C:\Documents and Settings\HP_Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

HP_Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Agere Systems PCI Soft Modem --> agrsmdel
Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\58D1A004-6D3C-480A-9E0D-FAA58F3C2A62\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8C4E79CC-03E1-43AA-9910-9A5113F24603\Uninstall.exe"
Blasterball 2 Remix from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B151D9AC-5E4E-4AD0-96C9-5A6C9EC23502\Uninstall.exe"
Bounce Symphony from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exe"
Crystal Maze from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292\Uninstall.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Dragon IPTV StarCast 2.2.4 --> C:\Program Files\Dragon IPTV StarCast\uninst.exe
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Help and Support Additions --> C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
HP Deskjet 3840 --> msiexec /x{B1591C79-1C35-4E09-AA15-F7D6923AFB96}
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 4.5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.5.3 --> C:\Program Files\HP\Digital Imaging\{D0420D64-8D33-4374-A2B2-9225C7925CA6}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photosmart Cameras 4.0 --> C:\Program Files\HP\Digital Imaging\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.0 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HPIZplus450 --> MsiExec.exe /X{7B98685A-4E21-4A4F-A2D6-DC557042BADA}
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo DiscLabel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3F058C0-A21C-452D-8D99-95B1A45F417D}\setup.exe" REMOVEALL
InterVideo WinDVD Creator --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
LiveUpdate 2.5 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Megaupload Toolbar --> C:\Program Files\MegauploadToolbar\uninstall.exe
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Dancer LE --> MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Norton Security Center --> MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Orbital from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\62067F4C-84A9-45B9-8573-B90468B0A3EF\Uninstall.exe"
Overball from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6723E59E-322A-417A-8E03-27A61E18253C\Uninstall.exe"
PC-Doctor for Windows --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1033
Photosmart 320,370,7400,8100,8400 Series --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
Polar Bowler from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\36317AE4-57EC-4F3E-B828-009A3DD96BE8\Uninstall.exe"
Polar Golfer from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B2D3332F-EA2D-42B3-8E4A-F74D052BCBC1\Uninstall.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Pure Networks Network Magic --> C:\Program Files\Pure Networks\Network Magic\Uninstall.exe
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Road Ready Streetwise from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6B60434A-ABE1-48FF-906B-0EA67087AB25\Uninstall.exe"
Shrek 2 Ogre Bowler from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\703E3900-69DA-47C9-9768-C6514098F149\Uninstall.exe"
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpySubtract --> C:\Program Files\InterMute\SpySubtract\SpySub.exe -uninstall
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Super Granny from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3F34F72F-9BB0-4B73-8312-558953ACF56F\Uninstall.exe"
Tradewinds from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F5215F01-DFC0-475D-A910-6F1AF94E807E\Uninstall.exe"
Updates from HP --> C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731
WinAVI Video Converter --> "C:\Program Files\WinAVI Video Converter\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Toolbar for Internet Explorer --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type704 / Error
Event Submitted/Written: 04/07/2008 01:00:35 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x0410011f.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type693 / Warning
Event Submitted/Written: 04/07/2008 07:27:33 AM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007000E

Event Record #/Type692 / Warning
Event Submitted/Written: 04/07/2008 07:27:22 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}', feature 'Unload' failed during request for component '{2E1790B1-CEF3-11D5-AF55-00C04F6BF3E7}'

Event Record #/Type691 / Error
Event Submitted/Written: 04/06/2008 11:35:29 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.5730.11, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type661 / Warning
Event Submitted/Written: 04/06/2008 06:02:16 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800401F0



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1520 / Error
Event Submitted/Written: 04/07/2008 01:40:27 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AvgMfx86

Event Record #/Type1484 / Error
Event Submitted/Written: 04/07/2008 10:17:57 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AvgMfx86

Event Record #/Type1477 / Error
Event Submitted/Written: 04/07/2008 09:44:14 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Command Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type1468 / Warning
Event Submitted/Written: 04/07/2008 03:21:14 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type1452 / Warning
Event Submitted/Written: 04/06/2008 05:46:44 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-04-07 14:07:05 ------------


#2 jwbirdsong

jwbirdsong

    Slaher O' Spyware


  • Members
  • 232 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:17 AM

Posted 07 April 2008 - 08:10 PM

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

REBOOT

Next download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close any open browsers.
  • If your real-time protection or antivirus intervenes with OTScanIt, allow it to run.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Leave all the settings at the default except as noted below
  • Under Additional Scans sections, check the following
    • Reg - BotCheck
    • File - Additional Folder Scan
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file
If the log is too large to post, use the ADDREPLY button, scroll down to the attachments section and attach the notepad file here.

Edited by jwbirdsong, 07 April 2008 - 08:13 PM.
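
The OTScanIt report requested above is a long list of autostart locations, and a helper reads it by looking first for entries whose target file no longer exists, for Winlogon notify packages and browser helper objects, and for executables with no vendor string. The script below is an added example, not OTScanIt's code or anything posted in this thread; it assumes the entry-line shape visible in the posted log (name -> target -> Vendor [Ver = .. | Size = .. | Modified Date = .. | Attr = ] or name -> target -> File not found) and the [Section] / < Subsection > -> key header lines around them. The embedded report is a constructed sample modelled on a few of those lines, not the full log.

```python
"""Triage helper for an OTScanIt-style autostart report.

Added example, not OTScanIt's own code or anything posted in the thread.
Assumes the entry-line shape visible in the posted log:
    name -> target [cmdline] -> Vendor [Ver = .. | Size = .. bytes | Modified Date = .. | Attr = ]
    name -> target -> File not found
and the "[Section]" / "< Subsection > -> key" header lines around them.
"""
from collections import Counter
from dataclasses import dataclass

# Constructed sample modelled on a handful of lines from the posted log (not the full report).
SAMPLE_REPORT = r"""
[Processes - Non-Microsoft Only]

jusched.exe -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe ->  [Ver =  | Size = 32881 bytes | Modified Date = 2/15/2005 11:42:04 AM | Attr = ]

[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.3943 | Size = 126976 bytes | Modified Date = 11/2/2004 5:59:42 PM | Attr = ]

Malwarebytes Anti-Malware Reboot -> %ProgramFiles%\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> File not found

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->

fccabcb ->  -> File not found

igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3943 | Size = 348160 bytes | Modified Date = 11/2/2004 5:59:20 PM | Attr = ]

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->

{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MegauploadToolbar\megauploadtoolbar.dll [Megaupload Toolbar] -> MEGAUPLOAD [Ver = 5.0.0.226 | Size = 1933256 bytes | Modified Date = 7/31/2007 11:25:34 AM | Attr = ]
"""


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    section: str
    name: str
    target: str
    reason: str


def parse_entry(line):
    """Split 'name -> target -> info' into its parts; None for anything else."""
    parts = line.split(" -> ")
    if len(parts) < 3:
        return None
    return parts[0].strip(), parts[1].strip(), " -> ".join(parts[2:]).strip()


def vendor_of(info):
    """Vendor text precedes the '[Ver = ...]' block; empty when the log had none."""
    return info.split("[Ver =", 1)[0].strip() if "[Ver =" in info else ""


def triage(report_text):
    """Walk the report, tracking the current section, and flag entries worth a look."""
    findings = []
    section = ""
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]                          # e.g. [Registry - Non-Microsoft Only]
            continue
        if line.startswith("<") and ">" in line:
            section = line[1:line.index(">")].strip()     # e.g. < Winlogon\Notify settings [...] >
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        name, target, info = entry
        missing = "File not found" in info or "File not found" in target
        in_notify = "Winlogon\\Notify" in section
        in_bho = section.startswith("BHO")
        vendor = vendor_of(info)
        if in_notify and missing:
            sev, why = "high", "Winlogon notify package with no backing DLL on disk"
        elif missing or target.startswith("Reg Error"):
            sev, why = "medium", "autostart entry points at a file or key that does not exist"
        elif in_notify:
            sev, why = "info", "Winlogon notify package; confirm it belongs to an installed product"
        elif in_bho:
            sev, why = "info", "browser helper object loaded into Internet Explorer"
        elif not vendor:
            sev, why = "info", "executable carries no vendor string"
        else:
            continue
        findings.append(Finding(sev, section, name, target, why))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 1, 'medium': 1, 'info': 3}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    order = ("high", "medium", "info")
    for f in sorted(triage(SAMPLE_REPORT), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.section}: {f.name} -> {f.target or '(empty)'}  ({f.reason})")
```

Run it against a saved OTScanIt report by passing the file's text to triage(); the severities are only a reading order, so a "high" entry still needs the file and the key checked by hand before anything is removed.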


#3 capurp

capurp
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:17 AM

Posted 07 April 2008 - 08:50 PM

OTScanIt logfile created on: 4/7/2008 9:47:54 PM

OTScanIt by OldTimer - Version 1.0.9.0	 Folder = C:\Documents and Settings\HP_Owner\Desktop\OTScanIt

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy


503.48 Mb Total Physical Memory | 242.50 Mb Available Physical Memory | 48.17% Memory free

1.20 Gb Paging File | 0.93 Gb Available in Paging File | 77.22% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512;


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 66.92 Gb Total Space | 46.46 Gb Free Space | 69.42% Space Free | Partition Type: NTFS

Drive D: | 7.59 Gb Total Space | 2.27 Gb Free Space | 29.93% Space Free | Partition Type: FAT32

Drive E: | 620.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: FAMILYCOMPUTER

Current User Name: HP_Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user



[Processes - Non-Microsoft Only]

jusched.exe -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe ->  [Ver =  | Size = 32881 bytes | Modified Date = 2/15/2005 11:42:04 AM | Attr =	]

hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 6:04:38 PM | Attr =	]

agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 6/29/2004 7:06:38 PM | Attr =	]

hphmon06.exe -> %SystemRoot%\system32\hphmon06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 659456 bytes | Modified Date = 6/7/2004 8:42:30 PM | Attr =	]

kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 2/11/2003 9:02:48 PM | Attr =	]

ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 4.7.0.42 | Size = 278528 bytes | Modified Date = 10/14/2004 2:04:14 AM | Attr =	]

avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 282904 bytes | Modified Date = 4/6/2008 12:51:23 PM | Attr =	]

usrprmpt.exe -> %CommonProgramFiles%\Symantec Shared\Security Center\UsrPrmpt.exe -> Symantec Corporation [Ver = 2005.1.00.111 | Size = 218240 bytes | Modified Date = 8/5/2004 7:23:14 PM | Attr =	]

alcxmntr.exe -> %SystemRoot%\ALCXMNTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 9/7/2004 10:47:52 PM | Attr =	]

hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/22/2003 8:38:42 AM | Attr =	]

hpztsb10.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb10.exe -> HP [Ver = 2.323.0.0 | Size = 172032 bytes | Modified Date = 1/13/2006 7:13:02 PM | Attr =	]

nmapp.exe -> %ProgramFiles%\Pure Networks\Network Magic\nmapp.exe -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 1029712 bytes | Modified Date = 6/23/2006 8:45:40 PM | Attr =	]

dragoniptvupda.exe -> %ProgramFiles%\Dragon IPTV StarCast\DragonIPTVUpda.exe ->  [Ver = 4, 0, 0, 173 | Size = 733184 bytes | Modified Date = 2/15/2008 11:59:34 PM | Attr =	]

qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 2/15/2005 12:18:59 PM | Attr =	]

nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 8/11/2006 8:42:50 PM | Attr =	]

hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/5/2004 5:28:24 AM | Attr =	]

updates from hp.exe -> %ProgramFiles%\Updates from HP\309731\Program\Updates from HP.exe -> Hewlett-Packard [Ver = 6,3, 2, 1 | Size = 45056 bytes | Modified Date = 2/15/2005 12:23:12 PM | Attr =	]

nmsrvc.exe -> %ProgramFiles%\Pure Networks\Network Magic\nmsrvc.exe -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 276048 bytes | Modified Date = 6/23/2006 8:24:50 PM | Attr =	]

symwsc.exe -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.00.111 | Size = 308352 bytes | Modified Date = 8/6/2004 3:23:10 AM | Attr =	]

avgam.exe -> %ProgramFiles%\AVG\AVG8\avgam.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 658200 bytes | Modified Date = 4/6/2008 12:51:24 PM | Attr =	]

avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.84 | Size = 311576 bytes | Modified Date = 4/6/2008 12:51:27 PM | Attr =	]

avgnsx.exe -> %ProgramFiles%\AVG\AVG8\avgnsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.93 | Size = 437016 bytes | Modified Date = 4/6/2008 12:51:27 PM | Attr =	]

avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 902424 bytes | Modified Date = 4/6/2008 12:51:24 PM | Attr =	]

ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 4.7.0.42 | Size = 327680 bytes | Modified Date = 10/14/2004 2:03:54 AM | Attr =	]

otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.9.0 | Size = 369152 bytes | Modified Date = 4/4/2008 12:24:38 PM | Attr =	]



[Win32 Services - Non-Microsoft Only]

(avg8emc) AVG8 E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 902424 bytes | Modified Date = 4/6/2008 12:51:24 PM | Attr =	]

(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 282904 bytes | Modified Date = 4/6/2008 12:51:23 PM | Attr =	]

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 1:00:00 PM | Attr =	]

(Goosean: DragonIPTV.exe update permissions manager. 121028.) Goosean: DragonIPTV.exe update permissions manager. 121028. [Win32_Own | Auto | Running] -> %ProgramFiles%\Dragon IPTV StarCast\DragonIPTVUpda.exe ->  [Ver = 4, 0, 0, 173 | Size = 733184 bytes | Modified Date = 2/15/2008 11:59:34 PM | Attr =	]

(iPodService) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 4.7.0.42 | Size = 327680 bytes | Modified Date = 10/14/2004 2:03:54 AM | Attr =	]

(nmraapache) Pure Networks Net2Go Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -> Pure Networks, Inc. [Ver = 2.0.54 | Size = 12800 bytes | Modified Date = 5/25/2006 5:07:50 PM | Attr =	]

(nmservice) Pure Networks Network Magic Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Pure Networks\Network Magic\nmsrvc.exe -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 276048 bytes | Modified Date = 6/23/2006 8:24:50 PM | Attr =	]

(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 8/11/2006 8:42:50 PM | Attr =	]

(SymWSC) SymWMI Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.00.111 | Size = 308352 bytes | Modified Date = 8/6/2004 3:23:10 AM | Attr =	]



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 6/29/2004 7:06:38 PM | Attr =	]

AlcxMonitor -> %SystemRoot%\ALCXMNTR.EXE [ALCXMNTR.EXE] -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 9/7/2004 10:47:52 PM | Attr =	]

HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.3943 | Size = 126976 bytes | Modified Date = 11/2/2004 5:59:42 PM | Attr =	]

HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe ["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"] -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/22/2003 8:38:42 AM | Attr =	]

HPDJ Taskbar Utility -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb10.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe] -> HP [Ver = 2.323.0.0 | Size = 172032 bytes | Modified Date = 1/13/2006 7:13:02 PM | Attr =	]

HPHmon06 -> %SystemRoot%\system32\hphmon06.exe [C:\WINDOWS\system32\hphmon06.exe] -> Hewlett-Packard [Ver = 6,0,72 | Size = 659456 bytes | Modified Date = 6/7/2004 8:42:30 PM | Attr =	]

HPHUPD06 -> %ProgramFiles%\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe] -> Hewlett-Packard [Ver = 6,0,72 | Size = 49152 bytes | Modified Date = 6/7/2004 8:53:26 PM | Attr =	]

hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe [c:\windows\system\hpsysdrv.exe] -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 6:04:38 PM | Attr =	]

IgfxTray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.3943 | Size = 155648 bytes | Modified Date = 11/2/2004 6:03:44 PM | Attr =	]

iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe [C:\Program Files\iTunes\iTunesHelper.exe] -> Apple Computer, Inc. [Ver = 4.7.0.42 | Size = 278528 bytes | Modified Date = 10/14/2004 2:04:14 AM | Attr =	]

KBD -> %SystemDrive%\hp\KBD\kbd.exe [C:\HP\KBD\KBD.EXE] -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 2/11/2003 9:02:48 PM | Attr =	]

LSBWatcher -> %SystemDrive%\hp\drivers\hplsbwatcher\LSBurnWatcher.exe [c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe] -> Hewlett-Packard Company [Ver = 4, 10, 14, 0 | Size = 253952 bytes | Modified Date = 10/14/2004 11:54:32 PM | Attr =	]

Malwarebytes Anti-Malware Reboot -> %ProgramFiles%\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> File not found

nmapp -> %ProgramFiles%\Pure Networks\Network Magic\nmapp.exe ["C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash] -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 1029712 bytes | Modified Date = 6/23/2006 8:45:40 PM | Attr =	]

NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 8/11/2006 8:43:02 PM | Attr =	]

NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 86016 bytes | Modified Date = 8/11/2006 8:43:04 PM | Attr =	]

nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] ->  [Ver =  | Size = 1519616 bytes | Modified Date = 8/11/2006 8:43:00 PM | Attr =	]

PS2 -> %SystemRoot%\system32\ps2.EXE [C:\WINDOWS\system32\ps2.exe] -> Hewlett-Packard Company [Ver = 1.0.2.2.112404 | Size = 90112 bytes | Modified Date = 10/25/2004 11:17:56 PM | Attr =	]

QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 2/15/2005 12:18:59 PM | Attr =	]

Recguard -> %SystemRoot%\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] ->  [Ver = 5, 0, 44, 2 | Size = 233472 bytes | Modified Date = 4/14/2004 10:43:46 PM | Attr =	]

Reminder -> %SystemRoot%\CREATOR\Remind_XP.exe ["C:\Windows\Creator\Remind_XP.exe"] -> SoftThinks [Ver = 6, 0, 52, 2 | Size = 663552 bytes | Modified Date = 12/14/2004 4:23:44 AM | Attr =	]

SSC_UserPrompt -> %CommonProgramFiles%\Symantec Shared\Security Center\UsrPrmpt.exe [c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe] -> Symantec Corporation [Ver = 2005.1.00.111 | Size = 218240 bytes | Modified Date = 8/5/2004 7:23:14 PM | Attr =	]

SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe [C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe] ->  [Ver =  | Size = 32881 bytes | Modified Date = 2/15/2005 11:42:04 AM | Attr =	]

TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.3034 | Size = 180269 bytes | Modified Date = 2/15/2005 12:09:29 PM | Attr =	]

< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 

IMAIL-> Installed = 1 -> 

MAPI-> Installed = 1 -> 

MSFS-> Installed = 1 -> 

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/5/2004 5:28:24 AM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\SpySubtract.lnk -> %ProgramFiles%\InterMute\SpySubtract\sslaunch.exe -> InterMute, Inc. [Ver = 1, 0, 1, 58 | Size = 73728 bytes | Modified Date = 2/15/2005 12:21:02 PM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\Updates from HP.lnk -> %ProgramFiles%\Updates from HP\309731\Program\Updates from HP.exe -> Hewlett-Packard [Ver = 6,3, 2, 1 | Size = 45056 bytes | Modified Date = 2/15/2005 12:23:12 PM | Attr =	]

< HP_Owner Startup Folder > -> C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup -> 

%UserProfile%\Start Menu\Programs\Startup\HP Organize.lnk -> %ProgramFiles%\Hewlett-Packard\HP Organize\bin\displayAgent.exe -> NeoPlanet [Ver = 1, 0, 0, 621 | Size = 36864 bytes | Modified Date = 7/15/2004 5:21:52 PM | Attr =	]

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

{FA010552-4A27-4cb1-A1BB-3E2D697F1639} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [SpySubtract Shell Extension] -> File not found

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

fccabcb ->  -> File not found

igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3943 | Size = 348160 bytes | Modified Date = 11/2/2004 5:59:20 PM | Attr =	]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place0 -> ::{C55C499D-3518-44a1-998E-796AC5FC989D} -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place1 -> 8 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place2 -> 0 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place3 -> 5 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place4 -> 17 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\disableregistrytools -> 0 -> 

< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 

HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[intranet] -> 

HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr =	]

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2109 domain(s) found. -> 

104 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr =	]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 11/4/2003 12:17:44 AM | Attr =	]

{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MegauploadToolbar\megauploadtoolbar.dll [Megaupload Toolbar] -> MEGAUPLOAD									[Ver = 5.0.0.226 | Size = 1933256 bytes | Modified Date = 7/31/2007 11:25:34 AM | Attr =	]

{7EA45D31-7D44-4E7B-A449-AB958B5E45ED} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\jkhfg.dll [Reg Error: Value  does not exist or could not be read.] -> File not found

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

 [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Value  does not exist or could not be read.] -> File not found

{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MegauploadToolbar\megauploadtoolbar.dll [Megaupload Toolbar] -> MEGAUPLOAD									[Ver = 5.0.0.226 | Size = 1933256 bytes | Modified Date = 7/31/2007 11:25:34 AM | Attr =	]

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 2:26:28 PM | Attr =	]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 11:28:40 AM | Attr =	]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 2:26:28 PM | Attr =	]

WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MegauploadToolbar\megauploadtoolbar.dll [Megaupload Toolbar] -> MEGAUPLOAD									[Ver = 5.0.0.226 | Size = 1933256 bytes | Modified Date = 7/31/2007 11:25:34 AM | Attr =	]

WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 2:26:28 PM | Attr =	]

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] ->  [Sun Java Console] -> File not found

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 

Add To HP Organize... -> %ProgramFiles%\Hewlett-Packard\HP Organize\bin ->  [Folder | Modified Date = 3/21/2008 12:02:41 PM | Attr =	]

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{3F30D9D1-F744-4644-B092-EA093A8C8C7F} ->	(Realtek RTL8139/810x Family Fast Ethernet NIC) -> 

{C1B7B9C6-AAA0-4D0B-9008-BAD25C8801A9} ->	(1394 Net Adapter) -> 

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.4 | Size = 81920 bytes | Modified Date = 12/22/2003 8:38:40 AM | Attr =	]

ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

pure-go:{4746C79A-2042-4332-8650-48966E44ABA8} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Pure Networks Shared\puresp.dll[CPureGoProtoInfo Object] -> Pure Networks, Inc. [Ver = 1.1.6174.2 | Size = 58960 bytes | Modified Date = 6/23/2006 9:10:36 PM | Attr =	]

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> 

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 

{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> 

< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\\.Owner -> {644E432F-49D3-41A1-8DD5-E099162EEEC5} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\\{644E432F-49D3-41A1-8DD5-E099162EEEC5} ->  -> 





[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> C:\WINDOWS\system32\msv1_0.dll [msv1_0] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 1:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 294400 bytes | Modified Date = 8/4/2004 1:00:00 PM | Attr =	]

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 1:00:00 PM | Attr =	]

schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/4/2004 1:00:00 PM | Attr =	]

wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 1:00:00 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 616 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 1:00:00 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 1:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 1:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1858 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 1:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 1:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%ProgramFiles%\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 1:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Computer, Inc. [Ver = 4.7.0.42 | Size = 8759808 bytes | Modified Date = 10/14/2004 2:12:04 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe -> C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion] -> Hewlett-Packard [Ver = 6,3, 2, 1 | Size = 45056 bytes | Modified Date = 2/15/2005 12:23:12 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -> C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3000 | Size = 1667584 bytes | Modified Date = 8/4/2004 4:06:34 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\PC_Games\Starcraft\StarCraft.exe -> C:\PC_Games\Starcraft\StarCraft.exe [C:\PC_Games\Starcraft\StarCraft.exe:*:Enabled:Starcraft - Brood War] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] ->  [Ver =  | Size = 219952 bytes | Modified Date = 3/22/2008 9:03:52 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Dragon IPTV StarCast\DragonIPTV.exe -> C:\Program Files\Dragon IPTV StarCast\DragonIPTV.exe [C:\Program Files\Dragon IPTV StarCast\DragonIPTV.exe:*:Enabled:DragonIPTV] -> DragonIPTV.com [Ver = 1, 2, 10, 28 | Size = 688128 bytes | Modified Date = 2/15/2008 11:57:14 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\PC_Games\Starcraft\Starcraft\StarCraft.exe -> C:\PC_Games\Starcraft\Starcraft\StarCraft.exe [C:\PC_Games\Starcraft\Starcraft\StarCraft.exe:*:Enabled:Starcraft] -> Blizzard Entertainment [Ver = 1.15.2 | Size = 1220608 bytes | Modified Date = 1/10/2008 3:23:42 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgupd.exe -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 796440 bytes | Modified Date = 4/6/2008 12:51:25 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgemc.exe -> C:\Program Files\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 902424 bytes | Modified Date = 4/6/2008 12:51:24 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -> C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Network Magic Service] -> Pure Networks, Inc. [Ver = 3.1.6174.2 | Size = 276048 bytes | Modified Date = 6/23/2006 8:24:50 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\67:UDP -> 67:UDP:*:Enabled:DHCP Discovery Service -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\6112:TCP -> 6112:TCP:*:Enabled:starcraft -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 1:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 1:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 





[Files/Folders - Created Within 30 days]

$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ ->  [Folder | Created Date = 4/6/2008 6:34:14 PM | Attr =  H ]

BOOT.BAK -> %SystemDrive%\BOOT.BAK ->  [Ver =  | Size = 213 bytes | Created Date = 3/21/2008 12:08:55 PM | Attr = RHS]

cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Created Date = 3/21/2008 12:08:31 PM | Attr = RHS]

cmldr -> %SystemDrive%\cmldr ->  [Ver =  | Size = 260272 bytes | Created Date = 3/21/2008 12:08:52 PM | Attr = RHS]

ComboFix[1] -> %SystemDrive%\ComboFix[1] ->  [Folder | Created Date = 4/7/2008 1:51:22 PM | Attr =	]

Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 4/7/2008 2:03:34 PM | Attr =	]

drmHeader.bin -> %SystemDrive%\drmHeader.bin ->  [Ver =  | Size = 3532 bytes | Created Date = 3/26/2008 5:28:26 PM | Attr =	]

hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 528011264 bytes | Created Date = 3/21/2008 12:04:32 PM | Attr =  HS]

Hp Printer -> %SystemDrive%\Hp Printer ->  [Folder | Created Date = 3/21/2008 12:29:33 PM | Attr =	]

MSOCache -> %SystemDrive%\MSOCache ->  [Folder | Created Date = 3/21/2008 2:23:29 AM | Attr = RH ]

PC_Games -> %SystemDrive%\PC_Games ->  [Folder | Created Date = 3/21/2008 12:41:49 PM | Attr =	]

RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Created Date = 3/21/2008 12:28:58 PM | Attr =  HS]

System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Created Date = 3/21/2008 11:55:37 AM | Attr =  HS]

temp -> %SystemDrive%\temp ->  [Folder | Created Date = 4/1/2008 9:07:27 PM | Attr =	]

VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 4/7/2008 1:49:26 PM | Attr =	]

nv4_disp.dll -> %SystemRoot%\System32\dllcache\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 4496128 bytes | Created Date = 3/21/2008 11:56:31 AM | Attr =	]

nv4_mini.sys -> %SystemRoot%\System32\dllcache\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 3958496 bytes | Created Date = 3/21/2008 11:56:32 AM | Attr =	]

103C_HP_CPC_PS567AA-ABA a1000n_YC_0Pavi_QCNH509_E52NAheBLU1_47_IGuppy_SASUSTek Computer INC._V1.03_B3.04_T050126_WXH2_L409_M504_J80_7Intel_8Celeron_92.93_#050705_N10EC8139_Z11C1048C_G80862562.MRK -> %SystemRoot%\System32\drivers\103C_HP_CPC_PS567AA-ABA a1000n_YC_0Pavi_QCNH509_E52NAheBLU1_47_IGuppy_SASUSTek Computer INC._V1.03_B3.04_T050126_WXH2_L409_M504_J80_7Intel_8Celeron_92.93_#050705_N10EC8139_Z11C1048C_G80862562.MRK ->  [Ver =  | Size = 1911 bytes | Created Date = 3/21/2008 12:04:37 PM | Attr = RHS]

atmepvcc.sys -> %SystemRoot%\System32\drivers\atmepvcc.sys ->  [Ver =  | Size = 86144 bytes | Created Date = 4/6/2008 12:32:35 PM | Attr =	]

Avg -> %SystemRoot%\System32\drivers\Avg ->  [Folder | Created Date = 4/6/2008 12:51:32 PM | Attr =	]

avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg ->  [Ver =  | Size = 5618689 bytes | Created Date = 4/6/2008 12:51:32 PM | Attr =	]

incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm ->  [Ver =  | Size = 22469909 bytes | Created Date = 4/6/2008 12:51:32 PM | Attr =	]

microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg ->  [Ver =  | Size = 160433 bytes | Created Date = 4/6/2008 12:51:32 PM | Attr =	]

miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg ->  [Ver =  | Size = 733530 bytes | Created Date = 4/6/2008 12:51:32 PM | Attr =	]

avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Created Date = 4/6/2008 12:51:42 PM | Attr =	]

avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Created Date = 4/6/2008 12:51:39 PM | Attr =	]

avgrkx86.sys -> %SystemRoot%\System32\drivers\avgrkx86.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.13 | Size = 12424 bytes | Created Date = 4/6/2008 12:51:49 PM | Attr =	]

avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.87 | Size = 75272 bytes | Created Date = 4/6/2008 12:51:48 PM | Attr =	]

core.cache.dsk -> %SystemRoot%\System32\drivers\core.cache.dsk ->  [Ver =  | Size = 167545 bytes | Created Date = 4/6/2008 12:32:38 PM | Attr =	]

nv4_mini.sys -> %SystemRoot%\System32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 3958496 bytes | Created Date = 3/21/2008 11:56:32 AM | Attr =	]

avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Created Date = 4/6/2008 12:51:50 PM | Attr =	]

bharebio01 -> %SystemRoot%\System32\bharebio01 ->  [Folder | Created Date = 4/6/2008 12:32:22 PM | Attr =	]

1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat ->  [Ver =  | Size = 1324 bytes | Created Date = 3/21/2008 9:26:23 AM | Attr =	]

dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Created Date = 3/21/2008 2:21:43 AM | Attr = RHS]

dumphive.exe -> %SystemRoot%\System32\dumphive.exe ->  [Ver =  | Size = 51200 bytes | Created Date = 4/7/2008 6:22:34 PM | Attr =	]

en-US -> %SystemRoot%\System32\en-US ->  [Folder | Created Date = 3/21/2008 9:23:05 AM | Attr =	]

ExTmp -> %SystemRoot%\System32\ExTmp ->  [Folder | Created Date = 4/6/2008 12:32:30 PM | Attr =	]

gfhkj.ini -> %SystemRoot%\System32\gfhkj.ini ->  [Ver =  | Size = 7142 bytes | Created Date = 4/6/2008 12:37:31 PM | Attr =  HS]

gfhkj.ini2 -> %SystemRoot%\System32\gfhkj.ini2 ->  [Ver =  | Size = 7142 bytes | Created Date = 4/6/2008 12:37:33 PM | Attr =  HS]

IDE2 -> %SystemRoot%\System32\IDE2 ->  [Folder | Created Date = 4/6/2008 12:32:30 PM | Attr =	]

IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Created Date = 4/7/2008 6:22:34 PM | Attr =	]

igfxres.dll -> %SystemRoot%\System32\igfxres.dll -> Intel Corporation [Ver = 3.0.0.3943 | Size = 163840 bytes | Created Date = 3/21/2008 12:16:30 PM | Attr =	]

iphone-011.ico -> %SystemRoot%\System32\iphone-011.ico ->  [Ver =  | Size = 13942 bytes | Created Date = 4/7/2008 1:42:28 AM | Attr =	]

iphone-6y.ico -> %SystemRoot%\System32\iphone-6y.ico ->  [Ver =  | Size = 9662 bytes | Created Date = 4/6/2008 5:41:22 PM | Attr =	]

LogFiles -> %SystemRoot%\System32\LogFiles ->  [Folder | Created Date = 3/22/2008 2:19:48 PM | Attr =	]

nv4_disp.dll -> %SystemRoot%\System32\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 4496128 bytes | Created Date = 3/21/2008 11:56:31 AM | Attr =	]

nvapps.xml -> %SystemRoot%\System32\nvapps.xml ->  [Ver =  | Size = 81191 bytes | Created Date = 3/21/2008 12:11:12 PM | Attr =	]

nvdisp.nvu -> %SystemRoot%\System32\nvdisp.nvu ->  [Ver =  | Size = 16960 bytes | Created Date = 3/21/2008 12:10:50 PM | Attr =	]

nvudisp.exe -> %SystemRoot%\System32\nvudisp.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 55  | Size = 208896 bytes | Created Date = 3/21/2008 12:10:50 PM | Attr =	]

NVUNINST.EXE -> %SystemRoot%\System32\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 55  | Size = 208896 bytes | Created Date = 3/21/2008 12:10:32 PM | Attr =	]

pinz1 -> %SystemRoot%\System32\pinz1 ->  [Folder | Created Date = 4/6/2008 12:32:31 PM | Attr =	]

Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 4/7/2008 6:22:33 PM | Attr =	]

SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Created Date = 4/7/2008 6:22:34 PM | Attr =	]

swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 4/7/2008 6:22:33 PM | Attr =	]

swsc.exe -> %SystemRoot%\System32\swsc.exe ->  [Ver =  | Size = 40960 bytes | Created Date = 4/7/2008 6:22:34 PM | Attr =	]

swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 4/7/2008 6:22:34 PM | Attr =	]

tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 4196 bytes | Created Date = 4/7/2008 6:25:43 PM | Attr =	]

VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86528 bytes | Created Date = 4/7/2008 6:22:34 PM | Attr =	]

vaio3-011.ico -> %SystemRoot%\System32\vaio3-011.ico ->  [Ver =  | Size = 9662 bytes | Created Date = 4/7/2008 9:46:01 AM | Attr =	]

VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver =  | Size = 289144 bytes | Created Date = 4/7/2008 6:22:34 PM | Attr =	]

wii -> %SystemRoot%\System32\wii ->  [Folder | Created Date = 4/6/2008 12:32:31 PM | Attr =	]

winpfz33.sys -> %SystemRoot%\System32\winpfz33.sys ->  [Ver =  | Size = 937 bytes | Created Date = 4/6/2008 12:33:12 PM | Attr =	]

WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe ->  [Ver =  | Size = 25600 bytes | Created Date = 4/7/2008 6:22:34 PM | Attr =	]

hpsysdrv.dat -> %SystemRoot%\System\hpsysdrv.dat ->  [Ver =  | Size = 246 bytes | Created Date = 3/21/2008 2:34:27 AM | Attr =	]

$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Created Date = 3/21/2008 9:21:33 AM | Attr =  H ]

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Created Date = 3/21/2008 9:21:12 AM | Attr =  H ]

assembly -> %SystemRoot%\assembly ->  [Folder | Created Date = 3/21/2008 2:23:02 AM | Attr = R S]

ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 4/7/2008 2:03:54 PM | Attr =	]

hpdj3840.his -> %SystemRoot%\hpdj3840.his ->  [Ver =  | Size = 274111 bytes | Created Date = 3/21/2008 12:30:38 PM | Attr =	]

hpdj3840.ini -> %SystemRoot%\hpdj3840.ini ->  [Ver =  | Size = 10498 bytes | Created Date = 3/21/2008 12:30:38 PM | Attr =	]

I386 -> %SystemRoot%\I386 ->  [Folder | Created Date = 3/21/2008 2:32:33 AM | Attr =	]

IA -> %SystemRoot%\IA ->  [Folder | Created Date = 4/6/2008 12:32:43 PM | Attr =  HS]

ie7 -> %SystemRoot%\ie7 ->  [Folder | Created Date = 3/21/2008 9:21:52 AM | Attr =  H ]

msdownld.tmp -> %SystemRoot%\msdownld.tmp ->  [Folder | Created Date = 3/21/2008 9:23:23 AM | Attr =  H ]

nview -> %SystemRoot%\nview ->  [Folder | Created Date = 3/21/2008 12:10:50 PM | Attr =	]

Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Created Date = 3/21/2008 2:22:54 AM | Attr = R  ]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 3/21/2008 11:59:06 AM | Attr =	]

scunin.dat -> %SystemRoot%\scunin.dat ->  [Ver =  | Size = 38807 bytes | Created Date = 3/31/2008 4:02:32 AM | Attr =	]

ScUnin.exe -> %SystemRoot%\ScUnin.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 5 | Size = 94208 bytes | Created Date = 3/31/2008 4:02:32 AM | Attr =	]

ScUnin.pif -> %SystemRoot%\ScUnin.pif ->  [Ver =  | Size = 967 bytes | Created Date = 3/31/2008 4:02:32 AM | Attr =	]

setup.pss -> %SystemRoot%\setup.pss ->  [Folder | Created Date = 3/21/2008 12:08:27 PM | Attr =	]

Sun -> %SystemRoot%\Sun ->  [Folder | Created Date = 4/6/2008 12:27:08 PM | Attr =	]

WBEM -> %SystemRoot%\WBEM ->  [Folder | Created Date = 3/21/2008 9:23:06 AM | Attr =	]

wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 156 bytes | Created Date = 4/6/2008 1:29:27 PM | Attr =	]

Easy Internet Sign-up.job -> %SystemRoot%\tasks\Easy Internet Sign-up.job ->  [Ver =  | Size = 278 bytes | Created Date = 3/21/2008 11:50:12 AM | Attr =	]

[Files Created - Additional Folder Scans - Non-Microsoft Only]

avg8 -> %AllUsersProfile%\Application Data\avg8 ->  [Folder | Created Date = 4/6/2008 12:51:21 PM | Attr =	]

Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 4/7/2008 9:42:17 AM | Attr =	]

Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Created Date = 4/7/2008 1:27:57 PM | Attr =	]

NVIDIA -> %AllUsersProfile%\Application Data\NVIDIA ->  [Folder | Created Date = 3/21/2008 12:17:22 PM | Attr =	]

nView_Profiles -> %AllUsersProfile%\Application Data\nView_Profiles ->  [Folder | Created Date = 3/21/2008 9:26:24 AM | Attr =	]

Pure Networks -> %AllUsersProfile%\Application Data\Pure Networks ->  [Folder | Created Date = 3/21/2008 9:03:32 AM | Attr =	]

Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 4/6/2008 1:00:58 PM | Attr =	]

Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage ->  [Folder | Created Date = 3/21/2008 9:20:19 AM | Attr =	]

Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! Companion ->  [Folder | Created Date = 3/21/2008 9:28:48 AM | Attr =	]

Adobe -> %AppData%\Adobe ->  [Folder | Created Date = 3/21/2008 9:42:30 AM | Attr =	]

AdobeUM -> %AppData%\AdobeUM ->  [Folder | Created Date = 3/24/2008 7:22:01 PM | Attr =	]

Apple Computer -> %AppData%\Apple Computer ->  [Folder | Created Date = 3/21/2008 12:04:01 PM | Attr =	]

desktop.ini -> %AppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 3/21/2008 12:04:05 PM | Attr =  HS]

DivX -> %AppData%\DivX ->  [Folder | Created Date = 3/24/2008 3:46:11 PM | Attr =	]

Identities -> %AppData%\Identities ->  [Folder | Created Date = 3/21/2008 12:04:01 PM | Attr =	]

InterMute -> %AppData%\InterMute ->  [Folder | Created Date = 3/21/2008 12:04:01 PM | Attr =	]

Macromedia -> %AppData%\Macromedia ->  [Folder | Created Date = 3/21/2008 9:06:07 AM | Attr =	]

Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Created Date = 4/7/2008 1:28:08 PM | Attr =	]

MegauploadToolbar -> %AppData%\MegauploadToolbar ->  [Folder | Created Date = 3/24/2008 11:05:13 PM | Attr =	]

Microsoft -> %AppData%\Microsoft ->  [Folder | Created Date = 3/21/2008 12:04:01 PM | Attr =   S]

Microsoft Web Folders -> %AppData%\Microsoft Web Folders ->  [Folder | Created Date = 3/21/2008 12:36:15 PM | Attr =	]

Real -> %AppData%\Real ->  [Folder | Created Date = 3/21/2008 12:04:00 PM | Attr =	]

SampleView -> %AppData%\SampleView ->  [Folder | Created Date = 3/21/2008 12:04:00 PM | Attr =	]

Sun -> %AppData%\Sun ->  [Folder | Created Date = 3/21/2008 12:04:00 PM | Attr =	]

Symantec -> %AppData%\Symantec ->  [Folder | Created Date = 3/21/2008 12:04:00 PM | Attr =	]

uTorrent -> %AppData%\uTorrent ->  [Folder | Created Date = 3/22/2008 9:03:45 AM | Attr =	]

Adobe -> %UserProfile%\Local Settings\Application Data\Adobe ->  [Folder | Created Date = 3/24/2008 7:22:00 PM | Attr =	]

Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer ->  [Folder | Created Date = 3/21/2008 12:04:00 PM | Attr =	]

ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory ->  [Folder | Created Date = 3/21/2008 12:04:00 PM | Attr =	]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 70144 bytes | Created Date = 3/21/2008 12:38:18 PM | Attr =	]

fusioncache.dat -> %UserProfile%\Local Settings\Application Data\fusioncache.dat ->  [Ver =  | Size = 128 bytes | Created Date = 3/21/2008 12:04:04 PM | Attr =	]

GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 38384 bytes | Created Date = 3/21/2008 12:17:25 PM | Attr =	]

IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 3173974 bytes | Created Date = 3/21/2008 12:04:04 PM | Attr =  H ]

Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Created Date = 3/21/2008 12:04:00 PM | Attr =	]

WinAVI -> %UserProfile%\Local Settings\Application Data\WinAVI ->  [Folder | Created Date = 4/6/2008 11:02:37 AM | Attr =	]

{7148F0A6-6813-11D6-A77B-00B0D0142030} -> %UserProfile%\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030} ->  [Folder | Created Date = 3/21/2008 12:04:00 PM | Attr =	]

My Music -> %AllUsersProfile%\Documents\My Music ->  [Folder | Created Date = 3/21/2008 2:23:24 AM | Attr = R  ]

My Pictures -> %AllUsersProfile%\Documents\My Pictures ->  [Folder | Created Date = 3/21/2008 2:23:24 AM | Attr = R  ]

My Videos -> %AllUsersProfile%\Documents\My Videos ->  [Folder | Created Date = 3/21/2008 12:39:14 PM | Attr = R  ]

Dad -> %UserProfile%\My Documents\Dad ->  [Folder | Created Date = 3/21/2008 12:24:30 PM | Attr =	]

desktop.ini -> %UserProfile%\My Documents\desktop.ini ->  [Ver =  | Size = 79 bytes | Created Date = 3/21/2008 12:04:03 PM | Attr =  HS]

Downloads -> %UserProfile%\My Documents\Downloads ->  [Folder | Created Date = 3/23/2008 12:37:53 PM | Attr =	]

Homework -> %UserProfile%\My Documents\Homework ->  [Folder | Created Date = 4/5/2008 10:11:11 PM | Attr =	]

My Chat Logs -> %UserProfile%\My Documents\My Chat Logs ->  [Folder | Created Date = 3/21/2008 12:45:20 PM | Attr =	]

My eBooks -> %UserProfile%\My Documents\My eBooks ->  [Folder | Created Date = 3/24/2008 7:21:55 PM | Attr =	]

My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Created Date = 3/21/2008 12:04:00 PM | Attr = R  ]

My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Created Date = 3/21/2008 12:04:00 PM | Attr = R  ]

My Received Files -> %UserProfile%\My Documents\My Received Files ->  [Folder | Created Date = 3/25/2008 5:46:52 PM | Attr =	]

My Videos -> %UserProfile%\My Documents\My Videos ->  [Folder | Created Date = 3/21/2008 12:04:00 PM | Attr = R  ]

Sandy Flash drive -> %UserProfile%\My Documents\Sandy Flash drive ->  [Folder | Created Date = 3/21/2008 12:37:49 PM | Attr =	]

??mantec -> %UserProfile%\My Documents\Ѕуmantec ->  [Folder | Modified Date = 4/6/2008 12:46:29 PM | Attr =	]

AOL® for Broadband.lnk -> %AllUsersProfile%\Desktop\AOL® for Broadband.lnk ->  [Ver =  | Size = 1954 bytes | Created Date = 3/21/2008 12:02:46 PM | Attr =	]

AOL®.lnk -> %AllUsersProfile%\Desktop\AOL®.lnk ->  [Ver =  | Size = 1830 bytes | Created Date = 3/21/2008 12:02:46 PM | Attr =	]

AVG 8.0.lnk -> %AllUsersProfile%\Desktop\AVG 8.0.lnk ->  [Ver =  | Size = 1518 bytes | Created Date = 4/6/2008 12:51:52 PM | Attr =	]

Easy Internet Sign-up.lnk -> %AllUsersProfile%\Desktop\Easy Internet Sign-up.lnk ->  [Ver =  | Size = 745 bytes | Created Date = 3/21/2008 12:02:35 PM | Attr =	]

HP Deskjet 3840 Series User's Guide.lnk -> %AllUsersProfile%\Desktop\HP Deskjet 3840 Series User's Guide.lnk ->  [Ver =  | Size = 800 bytes | Created Date = 3/21/2008 12:31:12 PM | Attr =	]

HP Extended Service Plans.lnk -> %AllUsersProfile%\Desktop\HP Extended Service Plans.lnk ->  [Ver =  | Size = 1540 bytes | Created Date = 3/21/2008 12:02:46 PM | Attr =	]

Install Quicken New User Edition.lnk -> %AllUsersProfile%\Desktop\Install Quicken New User Edition.lnk ->  [Ver =  | Size = 1708 bytes | Created Date = 3/21/2008 12:02:46 PM | Attr =	]

MSN.lnk -> %AllUsersProfile%\Desktop\MSN.lnk ->  [Ver =  | Size = 1857 bytes | Created Date = 3/21/2008 12:02:46 PM | Attr =	]

Network Magic.lnk -> %AllUsersProfile%\Desktop\Network Magic.lnk ->  [Ver =  | Size = 853 bytes | Created Date = 3/21/2008 9:03:33 AM | Attr =	]

Software Repair Wizard.lnk -> %AllUsersProfile%\Desktop\Software Repair Wizard.lnk ->  [Ver =  | Size = 731 bytes | Created Date = 3/21/2008 12:02:46 PM | Attr =	]

Command Prompt.lnk -> %UserProfile%\Desktop\Command Prompt.lnk ->  [Ver =  | Size = 1554 bytes | Created Date = 3/21/2008 12:04:01 PM | Attr =	]

Help and Support.lnk -> %UserProfile%\Desktop\Help and Support.lnk ->  [Ver =  | Size = 2235 bytes | Created Date = 3/21/2008 12:04:04 PM | Attr =	]

OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 4/7/2008 9:47:10 PM | Attr =	]

OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 540250 bytes | Created Date = 4/7/2008 9:35:42 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier

Register with HP.url -> %UserProfile%\Desktop\Register with HP.url ->  [Ver =  | Size = 603 bytes | Created Date = 3/21/2008 12:05:22 PM | Attr =	]

Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 944 bytes | Created Date = 4/6/2008 1:01:04 PM | Attr =	]

WinAVI Video Converter .lnk -> %UserProfile%\Desktop\WinAVI Video Converter .lnk ->  [Ver =  | Size = 699 bytes | Created Date = 4/6/2008 11:02:34 AM | Attr =	]

µTorrent.lnk -> %UserProfile%\Desktop\µTorrent.lnk ->  [Ver =  | Size = 641 bytes | Created Date = 3/22/2008 9:03:53 AM | Attr =	]

Microsoft Office.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk ->  [Ver =  | Size = 1736 bytes | Created Date = 3/21/2008 12:38:11 PM | Attr =	]

Updates from HP.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Updates from HP.lnk ->  [Ver =  | Size = 1870 bytes | Created Date = 3/21/2008 11:50:29 AM | Attr =	]

desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini ->  [Ver =  | Size = 84 bytes | Created Date = 3/21/2008 12:04:01 PM | Attr =  HS]

HP Organize.lnk -> %UserProfile%\Start Menu\Programs\Startup\HP Organize.lnk ->  [Ver =  | Size = 1687 bytes | Created Date = 3/21/2008 11:50:29 AM | Attr =	]

Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Created Date = 3/24/2008 7:20:09 PM | Attr =	]

Pure Networks Shared -> %CommonProgramFiles%\Pure Networks Shared ->  [Folder | Created Date = 3/21/2008 9:03:32 AM | Attr =	]



[Files/Folders - Modified Within 30 days]

$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ ->  [Folder | Modified Date = 4/7/2008 9:08:50 PM | Attr =  H ]

BOOT.BAK -> %SystemDrive%\BOOT.BAK ->  [Ver =  | Size = 213 bytes | Modified Date = 3/21/2008 12:02:12 PM | Attr = RHS]

boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 283 bytes | Modified Date = 3/21/2008 12:08:56 PM | Attr = RHS]

cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Modified Date = 3/21/2008 12:08:56 PM | Attr = RHS]

ComboFix[1] -> %SystemDrive%\ComboFix[1] ->  [Folder | Modified Date = 4/7/2008 1:51:25 PM | Attr =	]

Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 4/7/2008 2:07:04 PM | Attr =  H ]

Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 4/7/2008 2:03:34 PM | Attr =	]

Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 3/21/2008 12:03:59 PM | Attr =	]

drmHeader.bin -> %SystemDrive%\drmHeader.bin ->  [Ver =  | Size = 3532 bytes | Modified Date = 3/26/2008 5:36:50 PM | Attr =	]

hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 528011264 bytes | Modified Date = 4/7/2008 9:45:11 PM | Attr =  HS]

Hp Printer -> %SystemDrive%\Hp Printer ->  [Folder | Modified Date = 3/21/2008 12:29:33 PM | Attr =	]

MSOCache -> %SystemDrive%\MSOCache ->  [Folder | Modified Date = 3/21/2008 2:31:53 AM | Attr = RH ]

PC_Games -> %SystemDrive%\PC_Games ->  [Folder | Modified Date = 3/21/2008 10:21:10 AM | Attr =	]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 4/7/2008 2:06:11 PM | Attr =	]

RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 3/21/2008 12:28:58 PM | Attr =  HS]

sysprep -> %SystemDrive%\sysprep ->  [Folder | Modified Date = 3/21/2008 12:02:53 PM | Attr =	]

System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 3/21/2008 11:59:08 AM | Attr =  HS]

temp -> %SystemDrive%\temp ->  [Folder | Modified Date = 4/6/2008 12:32:49 PM | Attr =	]

VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 4/7/2008 1:49:26 PM | Attr =	]

WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 4/7/2008 2:07:04 PM | Attr =	]

103C_HP_CPC_PS567AA-ABA a1000n_YC_0Pavi_QCNH509_E52NAheBLU1_47_IGuppy_SASUSTek Computer INC._V1.03_B3.04_T050126_WXH2_L409_M504_J80_7Intel_8Celeron_92.93_#050705_N10EC8139_Z11C1048C_G80862562.MRK -> %SystemRoot%\System32\drivers\103C_HP_CPC_PS567AA-ABA a1000n_YC_0Pavi_QCNH509_E52NAheBLU1_47_IGuppy_SASUSTek Computer INC._V1.03_B3.04_T050126_WXH2_L409_M504_J80_7Intel_8Celeron_92.93_#050705_N10EC8139_Z11C1048C_G80862562.MRK ->  [Ver =  | Size = 1911 bytes | Modified Date = 3/21/2008 12:04:41 PM | Attr = RHS]

atmepvcc.sys -> %SystemRoot%\System32\drivers\atmepvcc.sys ->  [Ver =  | Size = 86144 bytes | Modified Date = 4/6/2008 12:32:35 PM | Attr =	]

Avg -> %SystemRoot%\System32\drivers\Avg ->  [Folder | Modified Date = 4/7/2008 6:37:40 PM | Attr =	]

avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg ->  [Ver =  | Size = 5618689 bytes | Modified Date = 4/6/2008 12:51:32 PM | Attr =	]

incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm ->  [Ver =  | Size = 22469909 bytes | Modified Date = 4/7/2008 6:37:39 PM | Attr =	]

microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg ->  [Ver =  | Size = 160433 bytes | Modified Date = 4/7/2008 6:37:19 PM | Attr =	]

miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg ->  [Ver =  | Size = 733530 bytes | Modified Date = 4/6/2008 12:51:32 PM | Attr =	]

avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Modified Date = 4/6/2008 12:51:42 PM | Attr =	]

avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Modified Date = 4/6/2008 12:51:39 PM | Attr =	]

avgrkx86.sys -> %SystemRoot%\System32\drivers\avgrkx86.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.13 | Size = 12424 bytes | Modified Date = 4/6/2008 12:51:49 PM | Attr =	]

avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.87 | Size = 75272 bytes | Modified Date = 4/6/2008 12:51:48 PM | Attr =	]

core.cache.dsk -> %SystemRoot%\System32\drivers\core.cache.dsk ->  [Ver =  | Size = 167545 bytes | Modified Date = 4/6/2008 12:32:38 PM | Attr =	]

$winnt$.inf -> %SystemRoot%\System32\$winnt$.inf ->  [Ver =  | Size = 993 bytes | Modified Date = 3/21/2008 12:02:53 PM | Attr =	]

avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Modified Date = 4/6/2008 12:51:51 PM | Attr =	]

bharebio01 -> %SystemRoot%\System32\bharebio01 ->  [Folder | Modified Date = 4/6/2008 12:32:22 PM | Attr =	]

1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 3/21/2008 12:33:15 PM | Attr =	]

CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 4/7/2008 2:05:12 PM | Attr =	]

Com -> %SystemRoot%\System32\Com ->  [Folder | Modified Date = 3/21/2008 2:32:02 AM | Attr =	]

config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 3/21/2008 9:23:14 AM | Attr =	]

d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat ->  [Ver =  | Size = 1324 bytes | Modified Date = 3/21/2008 9:26:23 AM | Attr =	]

dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 3/21/2008 9:25:44 AM | Attr = RHS]

drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 4/7/2008 2:06:56 PM | Attr =	]

en-US -> %SystemRoot%\System32\en-US ->  [Folder | Modified Date = 3/21/2008 9:23:06 AM | Attr =	]

ExTmp -> %SystemRoot%\System32\ExTmp ->  [Folder | Modified Date = 4/7/2008 9:52:01 AM | Attr =	]

FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 165912 bytes | Modified Date = 3/21/2008 9:25:53 AM | Attr =	]

gfhkj.ini -> %SystemRoot%\System32\gfhkj.ini ->  [Ver =  | Size = 7142 bytes | Modified Date = 4/6/2008 1:39:25 PM | Attr =  HS]

gfhkj.ini2 -> %SystemRoot%\System32\gfhkj.ini2 ->  [Ver =  | Size = 7142 bytes | Modified Date = 4/6/2008 1:38:32 PM | Attr =  HS]

ias -> %SystemRoot%\System32\ias ->  [Folder | Modified Date = 3/21/2008 2:32:15 AM | Attr =	]

icsxml -> %SystemRoot%\System32\icsxml ->  [Folder | Modified Date = 3/21/2008 2:32:16 AM | Attr =	]

IDE2 -> %SystemRoot%\System32\IDE2 ->  [Folder | Modified Date = 4/6/2008 12:32:30 PM | Attr =	]

IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Modified Date = 3/26/2008 8:50:45 AM | Attr =	]

iphone-011.ico -> %SystemRoot%\System32\iphone-011.ico ->  [Ver =  | Size = 13942 bytes | Modified Date = 4/7/2008 1:42:28 AM | Attr =	]

iphone-6y.ico -> %SystemRoot%\System32\iphone-6y.ico ->  [Ver =  | Size = 9662 bytes | Modified Date = 4/6/2008 5:41:32 PM | Attr =	]

LogFiles -> %SystemRoot%\System32\LogFiles ->  [Folder | Modified Date = 3/22/2008 2:19:48 PM | Attr =	]

Macromed -> %SystemRoot%\System32\Macromed ->  [Folder | Modified Date = 3/21/2008 10:29:17 AM | Attr =	]

nvapps.xml -> %SystemRoot%\System32\nvapps.xml ->  [Ver =  | Size = 81191 bytes | Modified Date = 4/7/2008 9:45:48 PM | Attr =	]

oobe -> %SystemRoot%\System32\oobe ->  [Folder | Modified Date = 3/21/2008 2:32:21 AM | Attr =	]

perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 63016 bytes | Modified Date = 4/2/2008 12:27:48 AM | Attr =	]

perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 402406 bytes | Modified Date = 4/2/2008 12:27:48 AM | Attr =	]

PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 470894 bytes | Modified Date = 4/2/2008 12:27:48 AM | Attr =	]

pinz1 -> %SystemRoot%\System32\pinz1 ->  [Folder | Modified Date = 4/7/2008 9:08:03 PM | Attr =	]

ras -> %SystemRoot%\System32\ras ->  [Folder | Modified Date = 3/21/2008 2:32:22 AM | Attr =	]

Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 3/21/2008 2:32:04 AM | Attr =	]

tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 4196 bytes | Modified Date = 4/7/2008 6:27:26 PM | Attr =	]

VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86528 bytes | Modified Date = 3/28/2008 11:19:34 PM | Attr =	]

vaio3-011.ico -> %SystemRoot%\System32\vaio3-011.ico ->  [Ver =  | Size = 9662 bytes | Modified Date = 4/7/2008 9:46:01 AM | Attr =	]

wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 3/21/2008 2:32:23 AM | Attr =	]

wii -> %SystemRoot%\System32\wii ->  [Folder | Modified Date = 4/7/2008 9:08:50 PM | Attr =	]

winpfz33.sys -> %SystemRoot%\System32\winpfz33.sys ->  [Ver =  | Size = 937 bytes | Modified Date = 4/6/2008 12:33:30 PM | Attr =	]

wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 3/21/2008 9:25:59 AM | Attr =	]

hpsysdrv.dat -> %SystemRoot%\System\hpsysdrv.dat ->  [Ver =  | Size = 246 bytes | Modified Date = 4/7/2008 9:45:33 PM | Attr =	]

$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 3/21/2008 9:20:40 AM | Attr =  H ]

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Modified Date = 3/21/2008 9:21:33 AM | Attr =  H ]

$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Modified Date = 3/21/2008 9:21:12 AM | Attr =  H ]

assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 4/2/2008 12:40:09 AM | Attr = R S]

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 4/7/2008 9:45:16 PM | Attr =   S]

CREATOR -> %SystemRoot%\CREATOR ->  [Folder | Modified Date = 4/1/2008 9:07:27 PM | Attr =	]

Cursors -> %SystemRoot%\Cursors ->  [Folder | Modified Date = 3/21/2008 2:31:56 AM | Attr =	]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 4/7/2008 6:35:43 PM | Attr =   S]

ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 4/7/2008 2:03:54 PM | Attr =	]

Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 3/21/2008 12:38:02 PM | Attr = R S]

Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 3/21/2008 9:25:44 AM | Attr =	]

hpdj3840.his -> %SystemRoot%\hpdj3840.his ->  [Ver =  | Size = 274111 bytes | Modified Date = 3/21/2008 12:32:11 PM | Attr =	]

hpdj3840.ini -> %SystemRoot%\hpdj3840.ini ->  [Ver =  | Size = 10498 bytes | Modified Date = 3/21/2008 12:32:11 PM | Attr =	]

I386 -> %SystemRoot%\I386 ->  [Folder | Modified Date = 3/21/2008 12:08:04 PM | Attr =	]

IA -> %SystemRoot%\IA ->  [Folder | Modified Date = 4/7/2008 10:16:38 AM | Attr =  HS]

ie7 -> %SystemRoot%\ie7 ->  [Folder | Modified Date = 3/21/2008 9:22:44 AM | Attr =  H ]

imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 3/21/2008 9:21:40 AM | Attr =	]

inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 4/2/2008 12:23:43 AM | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 4/7/2008 2:07:05 PM | Attr =  HS]

Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 3/21/2008 9:22:58 AM | Attr =	]

Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 4/2/2008 12:39:09 AM | Attr =	]

msagent -> %SystemRoot%\msagent ->  [Folder | Modified Date = 3/21/2008 2:32:01 AM | Attr =	]

msapps -> %SystemRoot%\msapps ->  [Folder | Modified Date = 3/21/2008 12:35:55 PM | Attr =	]

msdownld.tmp -> %SystemRoot%\msdownld.tmp ->  [Folder | Modified Date = 3/21/2008 9:23:48 AM | Attr =  H ]

nview -> %SystemRoot%\nview ->  [Folder | Modified Date = 3/21/2008 12:12:37 PM | Attr =	]

ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 376 bytes | Modified Date = 3/21/2008 12:39:20 PM | Attr =	]

Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Modified Date = 3/21/2008 2:31:35 AM | Attr = R  ]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 4/7/2008 9:47:31 PM | Attr =	]

Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 3/21/2008 11:59:52 AM | Attr =	]

scunin.dat -> %SystemRoot%\scunin.dat ->  [Ver =  | Size = 38807 bytes | Modified Date = 3/31/2008 4:03:51 AM | Attr =	]

ScUnin.exe -> %SystemRoot%\ScUnin.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 5 | Size = 94208 bytes | Modified Date = 3/31/2008 4:03:50 AM | Attr =	]

ScUnin.pif -> %SystemRoot%\ScUnin.pif ->  [Ver =  | Size = 967 bytes | Modified Date = 3/31/2008 4:03:50 AM | Attr =	]

security -> %SystemRoot%\security ->  [Folder | Modified Date = 3/21/2008 12:11:53 PM | Attr =	]

setup.pss -> %SystemRoot%\setup.pss ->  [Folder | Modified Date = 3/21/2008 12:08:27 PM | Attr =	]

SHELLNEW -> %SystemRoot%\SHELLNEW ->  [Folder | Modified Date = 3/21/2008 12:37:25 PM | Attr =	]

SMINST -> %SystemRoot%\SMINST ->  [Folder | Modified Date = 3/21/2008 2:32:35 AM | Attr =	]

SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 3/21/2008 9:03:36 AM | Attr =	]

srchasst -> %SystemRoot%\srchasst ->  [Folder | Modified Date = 3/21/2008 2:32:01 AM | Attr =	]

Sun -> %SystemRoot%\Sun ->  [Folder | Modified Date = 4/6/2008 12:27:08 PM | Attr =	]

system -> %SystemRoot%\system ->  [Folder | Modified Date = 3/21/2008 12:35:55 PM | Attr =	]

system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 231 bytes | Modified Date = 3/21/2008 11:57:04 AM | Attr =	]

system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 4/7/2008 9:07:08 PM | Attr =	]

Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 3/21/2008 11:50:20 AM | Attr =   S]

Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 4/7/2008 9:47:31 PM | Attr =	]

viassary-hp.reg -> %SystemRoot%\viassary-hp.reg ->  [Ver =  | Size = 3645 bytes | Modified Date = 4/7/2008 9:45:56 PM | Attr =	]

WBEM -> %SystemRoot%\WBEM ->  [Folder | Modified Date = 3/21/2008 9:23:06 AM | Attr =	]

Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 3/21/2008 2:32:01 AM | Attr = R  ]

win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 593 bytes | Modified Date = 3/21/2008 12:38:19 PM | Attr =	]

wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 156 bytes | Modified Date = 4/6/2008 1:30:09 PM | Attr =	]

WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 4/6/2008 12:50:48 PM | Attr =	]

Easy Internet Sign-up.job -> %SystemRoot%\tasks\Easy Internet Sign-up.job ->  [Ver =  | Size = 278 bytes | Modified Date = 3/21/2008 11:50:20 AM | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 4/7/2008 9:45:26 PM | Attr =  H ]

qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 3/21/2008 9:06:14 AM | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5526 bytes | Modified Date = 3/21/2008 9:06:14 AM | Attr =	]

IadHide5.dll -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\IadHide5.dll -> BackWeb [Ver = Version 6.3.2 (Build 62R) | Size = 24613 bytes | Modified Date = 2/15/2005 12:23:12 PM | Attr =	]

index.dat -> C:\WINDOWS\Temp\Cookies\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 4/7/2008 9:46:41 PM | Attr =  HS]

index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 32768 bytes | Modified Date = 4/7/2008 9:46:41 PM | Attr =  HS]

index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 32768 bytes | Modified Date = 4/7/2008 9:46:41 PM | Attr =  HS]

desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 145 bytes | Modified Date = 4/7/2008 9:46:31 PM | Attr =  HS]

desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 4/7/2008 9:46:31 PM | Attr =  HS]

desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\00MWUSMX\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 4/7/2008 9:46:31 PM | Attr =  HS]

desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4O8KTR21\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 4/7/2008 9:46:31 PM | Attr =  HS]

desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\FPL806J3\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 4/7/2008 9:46:31 PM | Attr =  HS]

desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\QY6JFXN1\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 4/7/2008 9:46:31 PM | Attr =  HS]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

avg8 -> %AllUsersProfile%\Application Data\avg8 ->  [Folder | Modified Date = 4/6/2008 5:53:09 PM | Attr =	]

Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 4/7/2008 2:06:56 PM | Attr =	]

Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Modified Date = 4/7/2008 1:27:57 PM | Attr =	]

NVIDIA -> %AllUsersProfile%\Application Data\NVIDIA ->  [Folder | Modified Date = 3/21/2008 12:17:22 PM | Attr =	]

nView_Profiles -> %AllUsersProfile%\Application Data\nView_Profiles ->  [Folder | Modified Date = 3/21/2008 9:26:24 AM | Attr =	]

Pure Networks -> %AllUsersProfile%\Application Data\Pure Networks ->  [Folder | Modified Date = 3/21/2008 9:03:32 AM | Attr =	]

Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 4/6/2008 1:35:40 PM | Attr =	]

Symantec -> %AllUsersProfile%\Application Data\Symantec ->  [Folder | Modified Date = 4/7/2008 10:16:49 AM | Attr =	]

Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage ->  [Folder | Modified Date = 3/21/2008 9:20:19 AM | Attr =	]

Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! Companion ->  [Folder | Modified Date = 3/21/2008 9:28:48 AM | Attr =	]

Adobe -> %AppData%\Adobe ->  [Folder | Modified Date = 3/24/2008 7:20:16 PM | Attr =	]

AdobeUM -> %AppData%\AdobeUM ->  [Folder | Modified Date = 3/24/2008 7:22:01 PM | Attr =	]

DivX -> %AppData%\DivX ->  [Folder | Modified Date = 3/24/2008 3:46:11 PM | Attr =	]

Macromedia -> %AppData%\Macromedia ->  [Folder | Modified Date = 3/21/2008 9:06:07 AM | Attr =	]

Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Modified Date = 4/7/2008 1:28:08 PM | Attr =	]

MegauploadToolbar -> %AppData%\MegauploadToolbar ->  [Folder | Modified Date = 4/7/2008 9:42:57 PM | Attr =	]

Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 4/6/2008 5:53:17 PM | Attr =   S]

Microsoft Web Folders -> %AppData%\Microsoft Web Folders ->  [Folder | Modified Date = 3/21/2008 12:36:15 PM | Attr =	]

Symantec -> %AppData%\Symantec ->  [Folder | Modified Date = 3/21/2008 12:16:42 PM | Attr =	]

uTorrent -> %AppData%\uTorrent ->  [Folder | Modified Date = 4/6/2008 5:51:17 PM | Attr =	]

Adobe -> %UserProfile%\Local Settings\Application Data\Adobe ->  [Folder | Modified Date = 3/24/2008 7:22:00 PM | Attr =	]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 70144 bytes | Modified Date = 4/6/2008 5:41:34 PM | Attr =	]

GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 38384 bytes | Modified Date = 3/21/2008 9:05:53 AM | Attr =	]

IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 3173974 bytes | Modified Date = 4/6/2008 12:52:26 PM | Attr =  H ]

Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 4/6/2008 5:53:17 PM | Attr =	]

WinAVI -> %UserProfile%\Local Settings\Application Data\WinAVI ->  [Folder | Modified Date = 4/6/2008 11:02:37 AM | Attr =	]

My Music -> %AllUsersProfile%\Documents\My Music ->  [Folder | Modified Date = 3/21/2008 2:31:54 AM | Attr = R  ]

My Pictures -> %AllUsersProfile%\Documents\My Pictures ->  [Folder | Modified Date = 3/21/2008 2:31:54 AM | Attr = R  ]

My Videos -> %AllUsersProfile%\Documents\My Videos ->  [Folder | Modified Date = 3/21/2008 12:39:14 PM | Attr = R  ]

Dad -> %UserProfile%\My Documents\Dad ->  [Folder | Modified Date = 3/21/2008 12:24:30 PM | Attr =	]

desktop.ini -> %UserProfile%\My Documents\desktop.ini ->  [Ver =  | Size = 79 bytes | Modified Date = 3/21/2008 9:26:03 AM | Attr =  HS]

Downloads -> %UserProfile%\My Documents\Downloads ->  [Folder | Modified Date = 4/6/2008 5:33:45 PM | Attr =	]

Homework -> %UserProfile%\My Documents\Homework ->  [Folder | Modified Date = 4/6/2008 12:49:37 PM | Attr =	]

My Chat Logs -> %UserProfile%\My Documents\My Chat Logs ->  [Folder | Modified Date = 3/21/2008 12:45:37 PM | Attr =	]

My eBooks -> %UserProfile%\My Documents\My eBooks ->  [Folder | Modified Date = 3/24/2008 7:21:55 PM | Attr =	]

My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Modified Date = 3/25/2008 9:25:57 PM | Attr = R  ]

My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 3/21/2008 9:26:03 AM | Attr = R  ]

My Received Files -> %UserProfile%\My Documents\My Received Files ->  [Folder | Modified Date = 3/25/2008 5:55:38 PM | Attr =	]

My Videos -> %UserProfile%\My Documents\My Videos ->  [Folder | Modified Date = 3/21/2008 2:31:53 AM | Attr = R  ]

Sandy Flash drive -> %UserProfile%\My Documents\Sandy Flash drive ->  [Folder | Modified Date = 3/21/2008 12:37:52 PM | Attr =	]

??mantec -> %UserProfile%\My Documents\Ѕуmantec ->  [Folder | Modified Date = 4/6/2008 12:46:29 PM | Attr =	]

AVG 8.0.lnk -> %AllUsersProfile%\Desktop\AVG 8.0.lnk ->  [Ver =  | Size = 1518 bytes | Modified Date = 4/6/2008 12:51:52 PM | Attr =	]

Easy Internet Sign-up.lnk -> %AllUsersProfile%\Desktop\Easy Internet Sign-up.lnk ->  [Ver =  | Size = 745 bytes | Modified Date = 3/21/2008 11:50:12 AM | Attr =	]

HP Deskjet 3840 Series User's Guide.lnk -> %AllUsersProfile%\Desktop\HP Deskjet 3840 Series User's Guide.lnk ->  [Ver =  | Size = 800 bytes | Modified Date = 3/21/2008 12:31:12 PM | Attr =	]

Network Magic.lnk -> %AllUsersProfile%\Desktop\Network Magic.lnk ->  [Ver =  | Size = 853 bytes | Modified Date = 3/21/2008 9:03:33 AM | Attr =	]

Command Prompt.lnk -> %UserProfile%\Desktop\Command Prompt.lnk ->  [Ver =  | Size = 1554 bytes | Modified Date = 4/1/2008 8:31:45 AM | Attr =	]

OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Modified Date = 4/7/2008 9:47:10 PM | Attr =	]

OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 540250 bytes | Modified Date = 4/7/2008 9:35:42 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier

Register with HP.url -> %UserProfile%\Desktop\Register with HP.url ->  [Ver =  | Size = 603 bytes | Modified Date = 3/21/2008 12:05:22 PM | Attr =	]

Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 944 bytes | Modified Date = 4/6/2008 1:01:04 PM | Attr =	]

WinAVI Video Converter .lnk -> %UserProfile%\Desktop\WinAVI Video Converter .lnk ->  [Ver =  | Size = 699 bytes | Modified Date = 4/6/2008 11:02:34 AM | Attr =	]

µTorrent.lnk -> %UserProfile%\Desktop\µTorrent.lnk ->  [Ver =  | Size = 641 bytes | Modified Date = 3/22/2008 9:03:53 AM | Attr =	]

Microsoft Office.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk ->  [Ver =  | Size = 1736 bytes | Modified Date = 3/21/2008 12:38:11 PM | Attr =	]

Updates from HP.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Updates from HP.lnk ->  [Ver =  | Size = 1870 bytes | Modified Date = 3/21/2008 11:50:29 AM | Attr =	]

Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Modified Date = 3/24/2008 7:20:21 PM | Attr =	]

Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 3/21/2008 12:37:40 PM | Attr =	]

Pure Networks Shared -> %CommonProgramFiles%\Pure Networks Shared ->  [Folder | Modified Date = 3/21/2008 9:03:32 AM | Attr =	]

Services -> %CommonProgramFiles%\Services ->  [Folder | Modified Date = 3/21/2008 2:32:24 AM | Attr =	]

Symantec Shared -> %CommonProgramFiles%\Symantec Shared ->  [Folder | Modified Date = 4/7/2008 10:16:50 AM | Attr =	]

System -> %CommonProgramFiles%\System ->  [Folder | Modified Date = 3/21/2008 12:37:28 PM | Attr =	]



< End of report >


#4 capurp

capurp
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:17 AM

Posted 07 April 2008 - 08:52 PM

Here are the results of the scan as an attachment, if it helps.

#5 jwbirdsong

jwbirdsong

    Slaher O' Spyware


  • Members
  • 232 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:17 AM

Posted 09 April 2008 - 08:29 PM

Start OtScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {7EA45D31-7D44-4E7B-A449-AB958B5E45ED} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\jkhfg.dll [Reg Error: Value  does not exist or could not be read.]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> fccabcb -> 
[Files/Folders - Created Within 30 days]
NY -> ComboFix[1] -> %SystemDrive%\ComboFix[1]
NY -> VundoFix Backups -> %SystemDrive%\VundoFix Backups
YY -> atmepvcc.sys -> %SystemRoot%\System32\drivers\atmepvcc.sys
NY -> gfhkj.ini -> %SystemRoot%\System32\gfhkj.ini
NY -> gfhkj.ini2 -> %SystemRoot%\System32\gfhkj.ini2
NY -> IDE2 -> %SystemRoot%\System32\IDE2
NY -> IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe
NY -> SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe
NY -> swreg.exe -> %SystemRoot%\System32\swreg.exe
NY -> VACFix.exe -> %SystemRoot%\System32\VACFix.exe
NY -> VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe
NY -> winpfz33.sys -> %SystemRoot%\System32\winpfz33.sys
NY -> WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> ??mantec -> %UserProfile%\My Documents\Ѕуmantec
[Files/Folders - Modified Within 30 days]
NY -> ComboFix[1] -> %SystemDrive%\ComboFix[1]
YY -> atmepvcc.sys -> %SystemRoot%\System32\drivers\atmepvcc.sys
NY -> gfhkj.ini -> %SystemRoot%\System32\gfhkj.ini
NY -> gfhkj.ini2 -> %SystemRoot%\System32\gfhkj.ini2
NY -> IDE2 -> %SystemRoot%\System32\IDE2
NY -> IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe
NY -> winpfz33.sys -> %SystemRoot%\System32\winpfz33.sys
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> ??mantec -> %UserProfile%\My Documents\Ѕуmantec
[Extra Files]
%SystemRoot%\System32\pinz1\* /s
Purity
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix.

If it reboots this may not happen. If you need to manually find the file, it is at Desktop\OTScanIt\MovedFiles\04082008_163441.log or whatever yours is named (Date/Time you ran the fix).

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on the Start Scanning button at bottom of page.
  • Accept the License Agreement and the ActiveX install.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report to your Desktop for later posting.
Please post
  • OTscan it "results" log (described above)
  • F-Secure log
  • Fresh OtScanIt log made after F-secure
in your next reply here
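One entry in the fix above deserves a closer look: the folder listed as ??mantec under My Documents. Its real name, Ѕуmantec, is spelled with Cyrillic letters that render like the Latin S and y, so it passes for the genuine Symantec folder while never matching that string. The following check is an added example, not part of this thread or of OTScanIt; it assumes the folder uses U+0405 and U+0443 (reconstructed from how the name renders) and runs over a constructed list of names modelled on the scan log.

```python
import unicodedata

# Constructed sample modelled on the scan listing in this thread. The second
# entry reproduces the "Ѕуmantec" folder: CYRILLIC Ѕ (U+0405) and у (U+0443)
# stand in for Latin S and y (assumed code points). It renders almost exactly
# like the genuine Symantec folder but never compares equal to "Symantec".
SAMPLE_NAMES = [
    "Symantec",
    "\u0405\u0443mantec",
    "My Documents",
    "\u00b5Torrent",      # micro sign: single script, legitimate here
    "ComboFix[1]",
]

# Cyrillic letters whose glyphs are near-identical to Latin ones. A small
# table sufficient for this page's case, not an exhaustive confusables list.
CYRILLIC_TO_LATIN = str.maketrans({
    "\u0405": "S", "\u0455": "s",   # Ѕ ѕ
    "\u0443": "y", "\u0423": "Y",   # у У
    "\u0430": "a", "\u0410": "A",   # а А
    "\u0435": "e", "\u0415": "E",   # е Е
    "\u043e": "o", "\u041e": "O",   # о О
    "\u0440": "p", "\u0420": "P",   # р Р
    "\u0441": "c", "\u0421": "C",   # с С
    "\u0445": "x", "\u0425": "X",   # х Х
    "\u0456": "i", "\u0406": "I",   # і І
    "\u0458": "j", "\u0408": "J",   # ј Ј
    "\u041d": "H", "\u041a": "K", "\u041c": "M", "\u0422": "T", "\u0412": "B",
})

KNOWN_SCRIPTS = ("LATIN", "CYRILLIC", "GREEK", "ARMENIAN", "HEBREW", "ARABIC")


def script_of(ch):
    """Script family of one character, taken from the first word of its
    Unicode name, or '' for letters with no script prefix (e.g. MICRO SIGN)."""
    word = unicodedata.name(ch, "").split(" ")[0]
    return word if word in KNOWN_SCRIPTS else ""


def letter_scripts(name):
    """Set of script families used by the letters in name. Letters without a
    script prefix are ignored so they never cause a false mixed-script verdict."""
    return {script_of(ch) for ch in name if ch.isalpha() and script_of(ch)}


def skeleton(name):
    """Latin look-alike form of name: confusable Cyrillic letters are mapped to
    the Latin letters they imitate; everything else is left untouched."""
    return name.translate(CYRILLIC_TO_LATIN)


def check_name(name):
    """Return (verdict, detail) for a single file or folder name."""
    if len(letter_scripts(name)) <= 1:
        return ("ok", "")
    non_latin = [f"U+{ord(c):04X}" for c in name
                 if c.isalpha() and script_of(c) not in ("", "LATIN")]
    return ("mixed-script",
            f"renders like {skeleton(name)!r}; non-Latin letters: {' '.join(non_latin)}")


def scan_names(names, trusted=()):
    """Return [(name, verdict, detail)] for every flagged entry. When the
    Latin skeleton of a flagged name equals a trusted name, say so explicitly."""
    findings = []
    for n in names:
        verdict, detail = check_name(n)
        if verdict == "ok":
            continue
        twin = skeleton(n)
        if twin in trusted:
            detail += f"; impersonates trusted name {twin!r}"
        findings.append((n, verdict, detail))
    return findings


if __name__ == "__main__":
    for finding in scan_names(SAMPLE_NAMES, trusted={"Symantec"}):
        print(finding)
```

Run against a real listing, only the Ѕуmantec entry is reported; the µTorrent shortcut, which also carries a non-ASCII character, is correctly left alone because it mixes no scripts.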

#6 capurp

capurp
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:17 AM

Posted 10 April 2008 - 05:57 PM

Here are the results of the F-Secure scan, and the results of the OTScanIt scan are attached.

Scanning Report
Thursday, April 10, 2008 05:53:13 - 13:24:43
Computer name: FAMILYCOMPUTER
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\


--------------------------------------------------------------------------------

Result: 2 malware found
Tracking Cookie (spyware)
System
Trojan-Downloader.Win32.VB.dsf (virus)
C:\WINDOWS\SYSTEM32\BHAREBIO01\BHAREBIO011065.EXE (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 39960
System: 3728
Not scanned: 9
Actions:
Disinfected: 0
Renamed: 1
Deleted: 0
None: 1
Submitted: 1
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\ATMEPVCC.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{D0DD6C52-04C0-4CDB-B299-9C129730EBB6}.BIN

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-04-10
F-Secure AVP: 7.0.171, 2008-04-09
F-Secure Pegasus: 1.20.0, 2008-02-28
F-Secure Blacklight: 1.0.64
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

#7 jwbirdsong

jwbirdsong

    Slaher O' Spyware


  • Members
  • 232 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:17 AM

Posted 11 April 2008 - 06:27 AM

Looks fantastic.

Start OtScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Malwarebytes Anti-Malware Reboot -> %ProgramFiles%\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript]
[Files/Folders - Modified Within 30 days]
NY -> bharebio01 -> %SystemRoot%\System32\bharebio01
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 8 C:\Documents and Settings\HP_Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\*.tmp
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix.

No need to post the results for this one.
  • Make sure you have an Internet Connection.
  • Double-click OTScanIt.exe to run it. (Vista users, please right click on OTScanIt.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTScanIt from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 u5.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". (4th one down)
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u5-windowsi586-p.exe to install the newest version.


Next let's clean your restore points and set a new one:

Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files (you will lose all previous restore points, which are likely to be infected):

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpyWareGuard and IE/Spyad.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It is free.

More info and download is available at links in the following article by TonyKlein

Make SURE to read How Did I Get Infected in the First Place??

#8 capurp

capurp
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:17 AM

Posted 11 April 2008 - 07:48 PM

Hey Jwbirdsong, thanks for all the help. The pop-ups have definitely decreased, but there are still some pop-ups that persist. They seldom appear, but they're still there. Do you have any further advice? Thanks.

#9 jwbirdsong

jwbirdsong

    Slaher O' Spyware


  • Members
  • 232 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:17 AM

Posted 13 April 2008 - 11:19 PM

Not sure what got past us. Let's look a little deeper.

Re-download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close any open browsers.
  • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
    (Vista users, please right click on OtScanIt.exe and select "Run as an Administrator")
  • Leave all the settings at the default except as noted below
  • Check the box for Scan all user accounts
  • Tick the bold Drives Non-Microsoft
  • Tick the bold Rootkit Search YES
  • Under Additional Scans section, check the following
  • Select All
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data, so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that Notepad file

Since the log is too large to post, use the ADDREPLY button, then scroll down to the attachments section and attach the Notepad file here.

#10 capurp

capurp
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:17 AM

Posted 16 April 2008 - 08:51 PM

hey jwbirdsong, sorry for the long delay. Thanks again for all of your help, the log is attached below

Attached Files



#11 capurp

capurp
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:17 AM

Posted 16 April 2008 - 08:54 PM

OTScanIt.txt part two

Attached Files


Edited by capurp, 16 April 2008 - 09:06 PM.


#12 capurp

capurp
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:17 AM

Posted 16 April 2008 - 08:56 PM

Instead of spamming this thread, I'll just private message you the code?

Edited by capurp, 16 April 2008 - 08:58 PM.


#13 jwbirdsong

jwbirdsong

    Slaher O' Spyware


  • Members
  • 232 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:17 AM

Posted 17 April 2008 - 06:17 AM

I still didn't get the entire file. Even with PM.

See if you can upload the entire file to HERE

#14 capurp

capurp
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:17 AM

Posted 17 April 2008 - 05:44 PM

Alright, got it, the file has been submitted.

#15 capurp

capurp
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:17 AM

Posted 01 May 2008 - 08:51 PM

Hey jwbirdsong, the file has been submitted.



