
Need Major Help - Ie Popups - One Or More Trojans


11 replies to this topic

#1 mcanada


Posted 18 July 2008 - 03:09 PM

I've got 1 or more trojans on my system. It shows itself by IE popups and also slow internet. I have tried different products attempting to remove it (them) with no luck. I am posting my Deckard/HijackThis log. Any help would be greatly appreciated.

Thank you in advance
Mark


Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-18 20:06:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:35 PM, on 7/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synergy\synergyc.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\tppaldr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\VisualTooltip21\VisualToolTip.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\SecCopy\SecCopy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\palmOne\AlarmApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
C:\Program Files\WallpaperToy\Wallpapertoy.Exe
C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgets.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgets.exe
C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgets.exe
C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgets.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\DOCUME~1\Owner\Desktop\Owner.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: {242c04b0-6f3c-03cb-68d4-c75b70b0b3a1} - {1a3b0b07-b57c-4d86-bc30-c3f60b40c242} - C:\WINDOWS\system32\wcfwkq.dll
O2 - BHO: targetedbanner browser optimizer - {1c7199b2-4af3-8301-2ae5-d7a3a1f3a168} - C:\WINDOWS\system32\yohikytclfvdx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {78F394D9-83FD-463A-814D-1B41CB1D6991} - C:\WINDOWS\system32\jkkJyWom.dll
O2 - BHO: (no name) - {82336A8D-6CD0-4647-B791-75FCA8CF2B39} - C:\WINDOWS\system32\opnnkkIc.dll
O2 - BHO: IE DevToolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\Digital Media Reader\shwiconem.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VisualTooltip] "C:\Program Files\VisualTooltip21\VisualToolTip.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [{d3233505-efd6-e847-0025-0c90104742b4}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\yohikytclfvdx.dll" DllStart
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" -minimized
O4 - HKLM\..\Run: [fcd9ef24] rundll32.exe "C:\WINDOWS\system32\uiutwymf.dll",b
O4 - HKLM\..\Run: [BMffeadcb8] Rundll32.exe "C:\WINDOWS\system32\uuekwbrc.dll",s
O4 - HKCU\..\Run: [Second Copy 2000] "C:\PROGRA~1\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Startup: ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgets.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alarm Manager.LNK = C:\Program Files\palmOne\AlarmApp.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D62109BA-F8D9-4E79-A140-D0679571B74D}: NameServer = 85.255.115.107,85.255.112.217
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: opnnkkIc - C:\WINDOWS\SYSTEM32\opnnkkIc.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Synergy Client - Unknown owner - C:\Program Files\Synergy\synergyc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 11678 bytes

-- Files created between 2008-06-18 and 2008-07-18 -----------------------------

2008-07-18 15:13:53 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-07-18 11:48:16 81296 --a------ C:\WINDOWS\system32\uiutwymf.dll
2008-07-18 11:45:31 105328 --a------ C:\WINDOWS\system32\wcfwkq.dll
2008-07-18 11:45:30 105328 --a------ C:\WINDOWS\system32\yfeikbpc.dll
2008-07-18 11:43:44 91520 --a------ C:\WINDOWS\system32\uuekwbrc.dll
2008-07-18 11:42:51 864285 --ahs---- C:\WINDOWS\system32\moWyJkkj.ini2
2008-07-18 11:42:40 314688 -----n--- C:\WINDOWS\system32\jkkJyWom.dll
2008-07-18 10:45:53 0 d-------- C:\Program Files\Enigma Software Group
2008-07-18 10:33:24 105168 --a------ C:\WINDOWS\system32\amyjcl.dll
2008-07-18 10:33:23 105168 --a------ C:\WINDOWS\system32\opngerqt.dll
2008-07-18 10:31:05 91456 --a------ C:\WINDOWS\system32\mahglquf.dll
2008-07-18 07:11:58 849547 --ahs---- C:\WINDOWS\system32\VwyJSvut.ini2
2008-07-18 00:06:43 105200 --a------ C:\WINDOWS\system32\hizpqj.dll
2008-07-18 00:06:41 105200 --a------ C:\WINDOWS\system32\dyhjnefx.dll
2008-07-18 00:06:25 91440 --a------ C:\WINDOWS\system32\iwpvoisy.dll
2008-07-17 21:39:37 105200 --a------ C:\WINDOWS\system32\ihiqsg.dll
2008-07-17 21:39:36 105200 --a------ C:\WINDOWS\system32\jkjuwoqx.dll
2008-07-17 21:32:04 91440 --a------ C:\WINDOWS\system32\cxvdwcjg.dll
2008-07-17 21:10:18 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-07-17 21:10:18 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-07-17 21:10:18 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-07-17 21:10:17 153088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-07-17 21:10:17 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-07-17 21:10:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Simply Super Software
2008-07-17 20:36:42 105200 --a------ C:\WINDOWS\system32\nddijeqm.dll
2008-07-17 20:36:42 105200 --a------ C:\WINDOWS\system32\dtpncj.dll
2008-07-17 20:31:29 91440 --a------ C:\WINDOWS\system32\bllrgceb.dll
2008-07-17 15:01:48 0 d-------- C:\WINDOWS\system32\S?mantec
2008-07-17 14:56:03 25888 --a------ C:\WINDOWS\system32\xxywXoLF.dll
2008-07-17 14:56:03 25888 --a------ C:\WINDOWS\system32\rqRHArpQ.dll
2008-07-17 14:56:03 25888 --a------ C:\WINDOWS\system32\qoMCSkih.dll
2008-07-17 14:56:03 25888 --a------ C:\WINDOWS\system32\opnlMeDu.dll
2008-07-17 14:37:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-17 14:07:19 105200 --a------ C:\WINDOWS\system32\sprlht.dll
2008-07-17 14:07:18 105200 --a------ C:\WINDOWS\system32\jfpuewbt.dll
2008-07-17 13:56:58 91440 --a------ C:\WINDOWS\system32\xuaiibxu.dll
2008-07-17 13:56:18 849689 --ahs---- C:\WINDOWS\system32\FgiQYJlm.ini2
2008-07-17 12:44:29 105200 --a------ C:\WINDOWS\system32\vgmtsb.dll
2008-07-17 12:44:28 105200 --a------ C:\WINDOWS\system32\bngeeude.dll
2008-07-17 12:37:37 91440 --a------ C:\WINDOWS\system32\ccrcaieu.dll
2008-07-17 12:36:57 848456 --ahs---- C:\WINDOWS\system32\kTtEOXbc.ini2
2008-07-17 11:20:50 105200 --a------ C:\WINDOWS\system32\hyjtnx.dll
2008-07-17 11:20:49 105200 --a------ C:\WINDOWS\system32\urvpaivm.dll
2008-07-17 11:18:32 91440 --a------ C:\WINDOWS\system32\soojgvvh.dll
2008-07-17 11:17:49 848396 --ahs---- C:\WINDOWS\system32\UBabefii.ini2
2008-07-17 10:23:48 105200 --a------ C:\WINDOWS\system32\mcizvt.dll
2008-07-17 10:23:47 105200 --a------ C:\WINDOWS\system32\hlfiggxu.dll
2008-07-17 10:21:08 91440 --a------ C:\WINDOWS\system32\bieqqnjh.dll
2008-07-17 10:20:47 848095 --ahs---- C:\WINDOWS\system32\tstCbJjl.ini2
2008-07-17 08:22:00 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-16 14:08:28 25888 --a------ C:\WINDOWS\system32\qoMfefGA.dll
2008-07-16 14:08:28 25888 --a------ C:\WINDOWS\system32\nnNddDvt.dll
2008-07-16 14:08:27 25888 --a------ C:\WINDOWS\system32\khfcbcca.dll
2008-07-16 14:08:27 25888 --a------ C:\WINDOWS\system32\cbxwtsss.dll
2008-07-16 14:03:30 105264 --a------ C:\WINDOWS\system32\vikaxgjk.dll
2008-07-16 14:03:30 105264 --a------ C:\WINDOWS\system32\mbdmbs.dll
2008-07-16 14:00:30 91440 --a------ C:\WINDOWS\system32\ejawfirg.dll
2008-07-16 10:15:55 0 d-------- C:\WINDOWS\system32\3040
2008-07-16 09:27:07 105264 --a------ C:\WINDOWS\system32\eduggd.dll
2008-07-16 09:27:04 105264 --a------ C:\WINDOWS\system32\schemoxm.dll
2008-07-16 09:20:08 91440 --a------ C:\WINDOWS\system32\wpfecjfw.dll
2008-07-16 09:14:02 851507 --ahs---- C:\WINDOWS\system32\ffhilUvw.ini2
2008-07-16 09:13:28 45104 --a------ C:\WINDOWS\yoursearchnet_com.exe
2008-07-16 09:08:35 64841 --a------ C:\WINDOWS\system32\hjbfeizypklltebdm.exe
2008-07-16 09:08:03 0 d-------- C:\WINDOWS\system32\vdll
2008-07-16 09:08:03 0 d-------- C:\WINDOWS\system32\dv32
2008-07-16 09:08:03 0 d-------- C:\WINDOWS\system32\bin1
2008-07-16 09:08:03 0 d-------- C:\WINDOWS\system32\BDE
2008-07-16 09:07:55 25888 --a------ C:\WINDOWS\system32\ljJAqpMG.dll
2008-07-16 09:07:54 25888 --a------ C:\WINDOWS\system32\iifEuspp.dll
2008-07-16 09:07:53 25888 --a------ C:\WINDOWS\system32\tuvVMFwX.dll
2008-07-16 09:07:53 25888 --a------ C:\WINDOWS\system32\opnnkkIc.dll
2008-07-16 09:07:50 0 d-------- C:\WINDOWS\system32\aumsDK01
2008-07-11 10:19:25 0 d-------- C:\Documents and Settings\All Users\Application Data\TiVo
2008-07-08 11:10:44 158208 --a------ C:\WINDOWS\system32\yohikytclfvdx.dll
2008-06-26 13:37:23 0 d-------- C:\Program Files\GPLGS
2008-06-26 13:36:38 0 d-------- C:\Program Files\Acro Software


-- Find3M Report ---------------------------------------------------------------

2008-07-18 14:41:31 4040 --a------ C:\WINDOWS\17PHolmes572.exe
2008-07-17 15:01:47 0 d-------- C:\Program Files\Common Files
2008-07-17 10:51:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-16 09:09:01 4040 --a------ C:\WINDOWS\17PHolmes1000106.exe
2008-07-16 03:00:05 0 d-------- C:\Program Files\SecCopy
2008-07-15 04:14:00 0 d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-07-03 09:40:43 0 d-------- C:\Program Files\palmOne
2008-06-24 08:59:33 0 d-------- C:\Program Files\MioNet
2008-06-21 10:14:35 0 d-------- C:\Program Files\XoftSpySE
2008-06-12 17:16:01 0 d-------- C:\Program Files\Network Probe 2
2008-05-28 23:21:01 0 d-------- C:\Program Files\TightVNC
2008-05-26 09:22:56 0 d-------- C:\Program Files\InterActual
2008-05-22 17:34:13 0 d-------- C:\Program Files\Roxio
2008-05-22 17:34:00 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-05-22 17:31:33 0 d-------- C:\Program Files\Common Files\Roxio Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown



-- End of Deckard's System Scanner: finished at 2008-07-18 20:06:46 ------------



#2 mcanada


Posted 20 July 2008 - 08:05 AM

It's been a couple of days and I thought I would give myself a bump by posting a new Deckard Log. I see this is a very busy forum and that is great, so any help would be appreciated.

Thank you in advance!
Mark




Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-20 13:00:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:26 AM, on 7/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synergy\synergyc.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\tppaldr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\VisualTooltip21\VisualToolTip.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\SecCopy\SecCopy.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\palmOne\AlarmApp.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\WallpaperToy\Wallpapertoy.Exe
C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgets.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgets.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgets.exe
C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgets.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\DOCUME~1\Owner\Desktop\Owner.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: targetedbanner browser optimizer - {1c7199b2-4af3-8301-2ae5-d7a3a1f3a168} - C:\WINDOWS\system32\yohikytclfvdx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {78F394D9-83FD-463A-814D-1B41CB1D6991} - C:\WINDOWS\system32\jkkJyWom.dll (file missing)
O2 - BHO: (no name) - {7DF26832-C5F8-4BD5-A89E-E6F4F97545B2} - C:\WINDOWS\system32\mlJDsSjk.dll
O2 - BHO: (no name) - {82336A8D-6CD0-4647-B791-75FCA8CF2B39} - C:\WINDOWS\system32\opnnkkIc.dll
O2 - BHO: {183e7d14-82e3-8b8a-a884-461756dd7cb9} - {9bc7dd65-7164-488a-a8b8-3e2841d7e381} - C:\WINDOWS\system32\sprtcx.dll
O2 - BHO: IE DevToolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\Digital Media Reader\shwiconem.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VisualTooltip] "C:\Program Files\VisualTooltip21\VisualToolTip.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" -minimized
O4 - HKLM\..\Run: [BMffeadcb8] Rundll32.exe "C:\WINDOWS\system32\wlquvmca.dll",s
O4 - HKLM\..\Run: [{d3233505-efd6-e847-0025-0c90104742b4}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\yohikytclfvdx.dll" DllStart
O4 - HKCU\..\Run: [Second Copy 2000] "C:\PROGRA~1\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Startup: ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgets.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alarm Manager.LNK = C:\Program Files\palmOne\AlarmApp.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D62109BA-F8D9-4E79-A140-D0679571B74D}: NameServer = 85.255.115.107,85.255.112.217
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: opnnkkIc - C:\WINDOWS\SYSTEM32\opnnkkIc.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Synergy Client - Unknown owner - C:\Program Files\Synergy\synergyc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 11534 bytes

-- Files created between 2008-06-20 and 2008-07-20 -----------------------------

2008-07-20 08:55:38 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-07-19 13:35:18 81264 --a------ C:\WINDOWS\system32\gtnaurwq.dll
2008-07-19 13:33:04 105296 --a------ C:\WINDOWS\system32\sprtcx.dll
2008-07-19 13:33:03 105296 --a------ C:\WINDOWS\system32\yiksvbej.dll
2008-07-19 13:32:55 91456 --a------ C:\WINDOWS\system32\wlquvmca.dll
2008-07-19 13:32:13 851016 --ahs---- C:\WINDOWS\system32\kjSsDJlm.ini2
2008-07-19 13:32:09 314656 --a------ C:\WINDOWS\system32\mlJDsSjk.dll
2008-07-19 13:23:09 105296 --a------ C:\WINDOWS\system32\uqllnh.dll
2008-07-19 13:23:06 105296 --a------ C:\WINDOWS\system32\nxcbwbyx.dll
2008-07-19 13:22:57 91456 --a------ C:\WINDOWS\system32\fnkrrwjw.dll
2008-07-18 11:45:30 105328 --a------ C:\WINDOWS\system32\yfeikbpc.dll
2008-07-18 11:43:44 91520 --a------ C:\WINDOWS\system32\uuekwbrc.dll
2008-07-18 11:42:51 850500 --ahs---- C:\WINDOWS\system32\moWyJkkj.ini2
2008-07-18 10:45:53 0 d-------- C:\Program Files\Enigma Software Group
2008-07-18 10:33:24 105168 --a------ C:\WINDOWS\system32\amyjcl.dll
2008-07-18 10:33:23 105168 --a------ C:\WINDOWS\system32\opngerqt.dll
2008-07-18 10:31:05 91456 --a------ C:\WINDOWS\system32\mahglquf.dll
2008-07-18 07:11:58 849547 --ahs---- C:\WINDOWS\system32\VwyJSvut.ini2
2008-07-18 00:06:43 105200 --a------ C:\WINDOWS\system32\hizpqj.dll
2008-07-18 00:06:41 105200 --a------ C:\WINDOWS\system32\dyhjnefx.dll
2008-07-18 00:06:25 91440 --a------ C:\WINDOWS\system32\iwpvoisy.dll
2008-07-17 21:39:37 105200 --a------ C:\WINDOWS\system32\ihiqsg.dll
2008-07-17 21:39:36 105200 --a------ C:\WINDOWS\system32\jkjuwoqx.dll
2008-07-17 21:32:04 91440 --a------ C:\WINDOWS\system32\cxvdwcjg.dll
2008-07-17 21:10:18 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-07-17 21:10:18 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-07-17 21:10:18 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-07-17 21:10:17 153088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-07-17 21:10:17 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-07-17 21:10:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Simply Super Software
2008-07-17 20:36:42 105200 --a------ C:\WINDOWS\system32\nddijeqm.dll
2008-07-17 20:36:42 105200 --a------ C:\WINDOWS\system32\dtpncj.dll
2008-07-17 20:31:29 91440 --a------ C:\WINDOWS\system32\bllrgceb.dll
2008-07-17 15:01:48 0 d-------- C:\WINDOWS\system32\S?mantec
2008-07-17 14:56:03 25888 --a------ C:\WINDOWS\system32\xxywXoLF.dll
2008-07-17 14:56:03 25888 --a------ C:\WINDOWS\system32\rqRHArpQ.dll
2008-07-17 14:56:03 25888 --a------ C:\WINDOWS\system32\qoMCSkih.dll
2008-07-17 14:56:03 25888 --a------ C:\WINDOWS\system32\opnlMeDu.dll
2008-07-17 14:37:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-17 14:07:19 105200 --a------ C:\WINDOWS\system32\sprlht.dll
2008-07-17 14:07:18 105200 --a------ C:\WINDOWS\system32\jfpuewbt.dll
2008-07-17 13:56:58 91440 --a------ C:\WINDOWS\system32\xuaiibxu.dll
2008-07-17 13:56:18 849689 --ahs---- C:\WINDOWS\system32\FgiQYJlm.ini2
2008-07-17 12:44:29 105200 --a------ C:\WINDOWS\system32\vgmtsb.dll
2008-07-17 12:44:28 105200 --a------ C:\WINDOWS\system32\bngeeude.dll
2008-07-17 12:37:37 91440 --a------ C:\WINDOWS\system32\ccrcaieu.dll
2008-07-17 12:36:57 848456 --ahs---- C:\WINDOWS\system32\kTtEOXbc.ini2
2008-07-17 11:20:50 105200 --a------ C:\WINDOWS\system32\hyjtnx.dll
2008-07-17 11:20:49 105200 --a------ C:\WINDOWS\system32\urvpaivm.dll
2008-07-17 11:18:32 91440 --a------ C:\WINDOWS\system32\soojgvvh.dll
2008-07-17 11:17:49 848396 --ahs---- C:\WINDOWS\system32\UBabefii.ini2
2008-07-17 10:23:48 105200 --a------ C:\WINDOWS\system32\mcizvt.dll
2008-07-17 10:23:47 105200 --a------ C:\WINDOWS\system32\hlfiggxu.dll
2008-07-17 10:21:08 91440 --a------ C:\WINDOWS\system32\bieqqnjh.dll
2008-07-17 10:20:47 848095 --ahs---- C:\WINDOWS\system32\tstCbJjl.ini2
2008-07-17 08:22:00 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-16 14:08:28 25888 --a------ C:\WINDOWS\system32\qoMfefGA.dll
2008-07-16 14:08:28 25888 --a------ C:\WINDOWS\system32\nnNddDvt.dll
2008-07-16 14:08:27 25888 --a------ C:\WINDOWS\system32\khfcbcca.dll
2008-07-16 14:08:27 25888 --a------ C:\WINDOWS\system32\cbxwtsss.dll
2008-07-16 14:03:30 105264 --a------ C:\WINDOWS\system32\vikaxgjk.dll
2008-07-16 14:03:30 105264 --a------ C:\WINDOWS\system32\mbdmbs.dll
2008-07-16 14:00:30 91440 --a------ C:\WINDOWS\system32\ejawfirg.dll
2008-07-16 10:15:55 0 d-------- C:\WINDOWS\system32\3040
2008-07-16 09:27:07 105264 --a------ C:\WINDOWS\system32\eduggd.dll
2008-07-16 09:27:04 105264 --a------ C:\WINDOWS\system32\schemoxm.dll
2008-07-16 09:20:08 91440 --a------ C:\WINDOWS\system32\wpfecjfw.dll
2008-07-16 09:14:02 851507 --ahs---- C:\WINDOWS\system32\ffhilUvw.ini2
2008-07-16 09:13:28 45104 --a------ C:\WINDOWS\yoursearchnet_com.exe
2008-07-16 09:08:35 64841 --a------ C:\WINDOWS\system32\hjbfeizypklltebdm.exe
2008-07-16 09:08:03 0 d-------- C:\WINDOWS\system32\vdll
2008-07-16 09:08:03 0 d-------- C:\WINDOWS\system32\dv32
2008-07-16 09:08:03 0 d-------- C:\WINDOWS\system32\bin1
2008-07-16 09:08:03 0 d-------- C:\WINDOWS\system32\BDE
2008-07-16 09:07:55 25888 --a------ C:\WINDOWS\system32\ljJAqpMG.dll
2008-07-16 09:07:54 25888 --a------ C:\WINDOWS\system32\iifEuspp.dll
2008-07-16 09:07:53 25888 --a------ C:\WINDOWS\system32\tuvVMFwX.dll
2008-07-16 09:07:53 25888 --a------ C:\WINDOWS\system32\opnnkkIc.dll
2008-07-16 09:07:50 0 d-------- C:\WINDOWS\system32\aumsDK01
2008-07-11 10:19:25 0 d-------- C:\Documents and Settings\All Users\Application Data\TiVo
2008-07-08 11:10:44 158208 --a------ C:\WINDOWS\system32\yohikytclfvdx.dll
2008-06-26 13:37:23 0 d-------- C:\Program Files\GPLGS
2008-06-26 13:36:38 0 d-------- C:\Program Files\Acro Software


-- Find3M Report ---------------------------------------------------------------

2008-07-19 20:22:24 4040 --a------ C:\WINDOWS\17PHolmes572.exe
2008-07-18 23:21:06 0 d-------- C:\Program Files\LimeWire
2008-07-17 15:01:47 0 d-------- C:\Program Files\Common Files
2008-07-17 10:51:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-16 09:09:01 4040 --a------ C:\WINDOWS\17PHolmes1000106.exe
2008-07-16 03:00:05 0 d-------- C:\Program Files\SecCopy
2008-07-15 04:14:00 0 d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-07-03 09:40:43 0 d-------- C:\Program Files\palmOne
2008-06-24 08:59:33 0 d-------- C:\Program Files\MioNet
2008-06-21 10:14:35 0 d-------- C:\Program Files\XoftSpySE
2008-06-12 17:16:01 0 d-------- C:\Program Files\Network Probe 2
2008-05-28 23:21:01 0 d-------- C:\Program Files\TightVNC
2008-05-26 09:22:56 0 d-------- C:\Program Files\InterActual
2008-05-22 17:34:13 0 d-------- C:\Program Files\Roxio
2008-05-22 17:34:00 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-05-22 17:31:33 0 d-------- C:\Program Files\Common Files\Roxio Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown



-- End of Deckard's System Scanner: finished at 2008-07-20 13:00:36 ------------

#3 OldTimer

Malware Expert

Posted 20 July 2008 - 06:00 PM

Hello mcanada and welcome to BC. That looks like all kinds of fun stuff in there. Let's see what else we can find. Follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it again.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#4 mcanada


Posted 20 July 2008 - 09:24 PM

Thanks OT for your response. I've performed all the steps you requested and attached is the OTScanIt text output with the specified options. I await your response.

Mark


#5 OldTimer

Malware Expert

Posted 20 July 2008 - 10:02 PM

Hi mcanada. I was right, there is a lot of fun stuff in there! Let's see what we can do with it. Follow the steps below in order:

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
PlugPlayRPC
Files to delete:
%commonprogramfiles%\yazzle1281oinuninstaller.exe
%systemroot%\17pholmes1000106.exe
%systemroot%\17pholmes572.exe
%systemroot%\444.470
%systemroot%\bmffeadcb8.xml
%systemroot%\mainms.vpi
%systemroot%\portsv.exe
%systemroot%\pskt.ini
%systemroot%\system32\amyjcl.dll
%systemroot%\system32\bieqqnjh.dll
%systemroot%\system32\bllrgceb.dll
%systemroot%\system32\bngeeude.dll
%systemroot%\system32\byxrhiat.dll
%systemroot%\system32\cbxwtsss.dll
%systemroot%\system32\ccrcaieu.dll
%systemroot%\system32\cpwmon2k.dll
%systemroot%\system32\cxvdwcjg.dll
%systemroot%\system32\dgjsineq.dll.vir
%systemroot%\system32\drivers\core.cache.dsk.vir
%systemroot%\system32\dtpncj.dll
%systemroot%\system32\dyhjnefx.dll
%systemroot%\system32\eduggd.dll
%systemroot%\system32\ejawfirg.dll
%systemroot%\system32\ewbstbeo.ini
%systemroot%\system32\fcccyysm.dll
%systemroot%\system32\fffod.dll
%systemroot%\system32\ffhiluvw.ini
%systemroot%\system32\ffhiluvw.ini2
%systemroot%\system32\fgiqyjlm.ini
%systemroot%\system32\fgiqyjlm.ini2
%systemroot%\system32\fmywtuiu.ini
%systemroot%\system32\fnkrrwjw.dll
%systemroot%\system32\gtnaurwq.dll
%systemroot%\system32\hizpqj.dll
%systemroot%\system32\hjbfeizypklltebdm.exe
%systemroot%\system32\hlfiggxu.dll
%systemroot%\system32\hyjtnx.dll
%systemroot%\system32\ihiqsg.dll
%systemroot%\system32\iifeuspp.dll
%systemroot%\system32\ikpnuwsi.dll.vir
%systemroot%\system32\inrihcvx.ini
%systemroot%\system32\iwgumlmo.dll.vir
%systemroot%\system32\iwpvoisy.dll
%systemroot%\system32\jfpuewbt.dll
%systemroot%\system32\jkjuwoqx.dll
%systemroot%\system32\jkkhwoef.dll.vir
%systemroot%\system32\khfcbcca.dll
%systemroot%\system32\kjssdjlm.ini
%systemroot%\system32\kjssdjlm.ini2
%systemroot%\system32\kkafphuv.ini
%systemroot%\system32\ktteoxbc.ini
%systemroot%\system32\ktteoxbc.ini2
%systemroot%\system32\ljjaqpmg.dll
%systemroot%\system32\mahglquf.dll
%systemroot%\system32\mbdmbs.dll
%systemroot%\system32\mcizvt.dll
%systemroot%\system32\mljdssjk.dll
%systemroot%\system32\mljyrooi.dll
%systemroot%\system32\mowyjkkj.ini
%systemroot%\system32\mowyjkkj.ini2
%systemroot%\system32\nakvtctm.ini
%systemroot%\system32\navnawyq.ini
%systemroot%\system32\nddijeqm.dll
%systemroot%\system32\nnndddvt.dll
%systemroot%\system32\nxcbwbyx.dll
%systemroot%\system32\oebtsbwe.dll
%systemroot%\system32\opngerqt.dll
%systemroot%\system32\opnlmedu.dll
%systemroot%\system32\opnnkkic.dll
%systemroot%\system32\qomcskih.dll
%systemroot%\system32\qomfefga.dll
%systemroot%\system32\qwruantg.ini
%systemroot%\system32\rjmfawos.dll
%systemroot%\system32\rqrharpq.dll
%systemroot%\system32\rswmqlhs.ini
%systemroot%\system32\schemoxm.dll
%systemroot%\system32\sideujyk.dll
%systemroot%\system32\sknnvehi.ini
%systemroot%\system32\soojgvvh.dll
%systemroot%\system32\sprlht.dll
%systemroot%\system32\sprtcx.dll
%systemroot%\system32\ssqqggwm.dll.vir
%systemroot%\system32\stpfwp.dll
%systemroot%\system32\sуmantec\taskmgr.exe
%systemroot%\system32\toyhide.bmp
%systemroot%\system32\tstcbjjl.ini
%systemroot%\system32\tstcbjjl.ini2
%systemroot%\system32\tuvsjywv.dll.vir
%systemroot%\system32\tuvvmfwx.dll
%systemroot%\system32\tuvwommc.dll
%systemroot%\system32\ubabefii.ini
%systemroot%\system32\ubabefii.ini2
%systemroot%\system32\uqllnh.dll
%systemroot%\system32\urvpaivm.dll
%systemroot%\system32\uuekwbrc.dll
%systemroot%\system32\vgmtsb.dll
%systemroot%\system32\vikaxgjk.dll
%systemroot%\system32\vwyjsvut.ini
%systemroot%\system32\vwyjsvut.ini2
%systemroot%\system32\wlquvmca.dll
%systemroot%\system32\wpfecjfw.dll
%systemroot%\system32\xuaiibxu.dll
%systemroot%\system32\xxywxolf.dll
%systemroot%\system32\yfeikbpc.dll
%systemroot%\system32\yiksvbej.dll
%systemroot%\system32\yohikytclfvdx.dll
%systemroot%\system32\аѕsembly\dеxplore.exe
%systemroot%\yoursearchnet_com.exe
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat
Folders to delete:
%programfiles%\antimalwareguard
%programfiles%\outerinfo
%systemdrive%\tempi
%systemroot%\system32\3040
%systemroot%\system32\aumsdk01
%systemroot%\system32\bin1
%systemroot%\system32\carh01
%systemroot%\system32\dv32
%systemroot%\system32\vdll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> taskmgr.exe -> %SystemRoot%\system32\Sуmantec\taskmgr.exe
YY -> dеxplore.exe -> %SystemRoot%\system32\аѕsembly\dеxplore.exe
[Win32 Services - Non-Microsoft Only]
YY -> (PlugPlayRPC) Plug and Play (RPC) [Win32_Shared | Auto | Stopped] -> %SystemRoot%\portsv.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> ~EmptyValue -> []
YY -> {d3233505-efd6-e847-0025-0c90104742b4} -> %SystemRoot%\system32\yohikytclfvdx.dll [C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\yohikytclfvdx.dll" DllStart]
YY -> BMffeadcb8 -> %SystemRoot%\system32\rjmfawos.dll [Rundll32.exe "C:\WINDOWS\system32\rjmfawos.dll",s]
YY -> fcd9ef24 -> %SystemRoot%\system32\oebtsbwe.dll [rundll32.exe "C:\WINDOWS\system32\oebtsbwe.dll",b]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Ealb -> %SystemRoot%\system32\Sуmantec\taskmgr.exe ["C:\WINDOWS\system32\SMANTE~1\taskmgr.exe" -vt yazb]
YY -> Sojkv -> %SystemRoot%\system32\аѕsembly\dеxplore.exe [C:\WINDOWS\system32\аѕsembly\dеxplore.exe]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {82336A8D-6CD0-4647-B791-75FCA8CF2B39} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\opnnkkIc.dll []
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> opnnkkIc -> %SystemRoot%\system32\opnnkkIc.dll
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {1c7199b2-4af3-8301-2ae5-d7a3a1f3a168} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\yohikytclfvdx.dll [targetedbanner browser optimizer]
YY -> {77DFECAB-693E-4524-BF05-4CE4C24C16CB} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mlJDsSjk.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {78F394D9-83FD-463A-814D-1B41CB1D6991} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\jkkJyWom.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {81d44a22-28ab-4efa-9d92-c69a5a5a4e2a} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\stpfwp.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {82336A8D-6CD0-4647-B791-75FCA8CF2B39} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\opnnkkIc.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {F111CD1C-56FB-087E-FD3E-0EA2EDED1ACB} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\fffod.dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{55FAF0F2-44D4-425F-B5F5-6B275B621EAB} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. []
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
YN -> {D62109BA-F8D9-4E79-A140-D0679571B74D} -> 85.255.115.107,85.255.112.217   (Realtek RTL8139/810x Family Fast Ethernet NIC)
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\mlJDsSjk -> %SystemRoot%\system32\mlJDsSjk.dll
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire]
[Files/Folders - Created Within 30 days]
NY -> core.cache.dsk.vir -> %SystemRoot%\System32\drivers\core.cache.dsk.vir
NY -> 3040 -> %SystemRoot%\System32\3040
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> amyjcl.dll -> %SystemRoot%\System32\amyjcl.dll
NY -> aumsDK01 -> %SystemRoot%\System32\aumsDK01
NY -> bieqqnjh.dll -> %SystemRoot%\System32\bieqqnjh.dll
NY -> bin1 -> %SystemRoot%\System32\bin1
NY -> bllrgceb.dll -> %SystemRoot%\System32\bllrgceb.dll
NY -> bngeeude.dll -> %SystemRoot%\System32\bngeeude.dll
NY -> byXRhIAT.dll -> %SystemRoot%\System32\byXRhIAT.dll
NY -> carH01 -> %SystemRoot%\System32\carH01
NY -> cbxwtsss.dll -> %SystemRoot%\System32\cbxwtsss.dll
NY -> ccrcaieu.dll -> %SystemRoot%\System32\ccrcaieu.dll
NY -> cpwmon2k.dll -> %SystemRoot%\System32\cpwmon2k.dll
NY -> cxvdwcjg.dll -> %SystemRoot%\System32\cxvdwcjg.dll
NY -> dgjsineq.dll.vir -> %SystemRoot%\System32\dgjsineq.dll.vir
NY -> dtpncj.dll -> %SystemRoot%\System32\dtpncj.dll
NY -> dv32 -> %SystemRoot%\System32\dv32
NY -> dyhjnefx.dll -> %SystemRoot%\System32\dyhjnefx.dll
NY -> eduggd.dll -> %SystemRoot%\System32\eduggd.dll
NY -> ejawfirg.dll -> %SystemRoot%\System32\ejawfirg.dll
NY -> ewbstbeo.ini -> %SystemRoot%\System32\ewbstbeo.ini
NY -> fcccyYSM.dll -> %SystemRoot%\System32\fcccyYSM.dll
NY -> fffod.dll -> %SystemRoot%\System32\fffod.dll
NY -> ffhilUvw.ini -> %SystemRoot%\System32\ffhilUvw.ini
NY -> ffhilUvw.ini2 -> %SystemRoot%\System32\ffhilUvw.ini2
NY -> FgiQYJlm.ini -> %SystemRoot%\System32\FgiQYJlm.ini
NY -> FgiQYJlm.ini2 -> %SystemRoot%\System32\FgiQYJlm.ini2
NY -> fmywtuiu.ini -> %SystemRoot%\System32\fmywtuiu.ini
NY -> fnkrrwjw.dll -> %SystemRoot%\System32\fnkrrwjw.dll
NY -> gtnaurwq.dll -> %SystemRoot%\System32\gtnaurwq.dll
NY -> hizpqj.dll -> %SystemRoot%\System32\hizpqj.dll
NY -> hjbfeizypklltebdm.exe -> %SystemRoot%\System32\hjbfeizypklltebdm.exe
NY -> hlfiggxu.dll -> %SystemRoot%\System32\hlfiggxu.dll
NY -> hyjtnx.dll -> %SystemRoot%\System32\hyjtnx.dll
NY -> ihiqsg.dll -> %SystemRoot%\System32\ihiqsg.dll
NY -> iifEuspp.dll -> %SystemRoot%\System32\iifEuspp.dll
NY -> ikpnuwsi.dll.vir -> %SystemRoot%\System32\ikpnuwsi.dll.vir
NY -> inrihcvx.ini -> %SystemRoot%\System32\inrihcvx.ini
NY -> iwgumlmo.dll.vir -> %SystemRoot%\System32\iwgumlmo.dll.vir
NY -> iwpvoisy.dll -> %SystemRoot%\System32\iwpvoisy.dll
NY -> jfpuewbt.dll -> %SystemRoot%\System32\jfpuewbt.dll
NY -> jkjuwoqx.dll -> %SystemRoot%\System32\jkjuwoqx.dll
NY -> jkkHWOeF.dll.vir -> %SystemRoot%\System32\jkkHWOeF.dll.vir
NY -> khfcbcca.dll -> %SystemRoot%\System32\khfcbcca.dll
NY -> kjSsDJlm.ini -> %SystemRoot%\System32\kjSsDJlm.ini
NY -> kjSsDJlm.ini2 -> %SystemRoot%\System32\kjSsDJlm.ini2
NY -> kkafphuv.ini -> %SystemRoot%\System32\kkafphuv.ini
NY -> kTtEOXbc.ini -> %SystemRoot%\System32\kTtEOXbc.ini
NY -> kTtEOXbc.ini2 -> %SystemRoot%\System32\kTtEOXbc.ini2
NY -> ljJAqpMG.dll -> %SystemRoot%\System32\ljJAqpMG.dll
NY -> mahglquf.dll -> %SystemRoot%\System32\mahglquf.dll
NY -> mbdmbs.dll -> %SystemRoot%\System32\mbdmbs.dll
NY -> mcizvt.dll -> %SystemRoot%\System32\mcizvt.dll
NY -> mlJDsSjk.dll -> %SystemRoot%\System32\mlJDsSjk.dll
NY -> mlJYroOI.dll -> %SystemRoot%\System32\mlJYroOI.dll
NY -> moWyJkkj.ini -> %SystemRoot%\System32\moWyJkkj.ini
NY -> moWyJkkj.ini2 -> %SystemRoot%\System32\moWyJkkj.ini2
NY -> nakvtctm.ini -> %SystemRoot%\System32\nakvtctm.ini
NY -> navnawyq.ini -> %SystemRoot%\System32\navnawyq.ini
NY -> nddijeqm.dll -> %SystemRoot%\System32\nddijeqm.dll
NY -> nnNddDvt.dll -> %SystemRoot%\System32\nnNddDvt.dll
NY -> nxcbwbyx.dll -> %SystemRoot%\System32\nxcbwbyx.dll
NY -> oebtsbwe.dll -> %SystemRoot%\System32\oebtsbwe.dll
NY -> opngerqt.dll -> %SystemRoot%\System32\opngerqt.dll
NY -> opnlMeDu.dll -> %SystemRoot%\System32\opnlMeDu.dll
NY -> opnnkkIc.dll -> %SystemRoot%\System32\opnnkkIc.dll
NY -> qoMCSkih.dll -> %SystemRoot%\System32\qoMCSkih.dll
NY -> qoMfefGA.dll -> %SystemRoot%\System32\qoMfefGA.dll
NY -> qwruantg.ini -> %SystemRoot%\System32\qwruantg.ini
NY -> rjmfawos.dll -> %SystemRoot%\System32\rjmfawos.dll
NY -> rqRHArpQ.dll -> %SystemRoot%\System32\rqRHArpQ.dll
NY -> rswmqlhs.ini -> %SystemRoot%\System32\rswmqlhs.ini
NY -> schemoxm.dll -> %SystemRoot%\System32\schemoxm.dll
NY -> sideujyk.dll -> %SystemRoot%\System32\sideujyk.dll
NY -> sknnvehi.ini -> %SystemRoot%\System32\sknnvehi.ini
NY -> soojgvvh.dll -> %SystemRoot%\System32\soojgvvh.dll
NY -> sprlht.dll -> %SystemRoot%\System32\sprlht.dll
NY -> sprtcx.dll -> %SystemRoot%\System32\sprtcx.dll
NY -> ssqQgGWM.dll.vir -> %SystemRoot%\System32\ssqQgGWM.dll.vir
NY -> stpfwp.dll -> %SystemRoot%\System32\stpfwp.dll
NY -> S?mantec -> %SystemRoot%\System32\Sуmantec
NY -> tstCbJjl.ini -> %SystemRoot%\System32\tstCbJjl.ini
NY -> tstCbJjl.ini2 -> %SystemRoot%\System32\tstCbJjl.ini2
NY -> tuvSJywV.dll.vir -> %SystemRoot%\System32\tuvSJywV.dll.vir
NY -> tuvVMFwX.dll -> %SystemRoot%\System32\tuvVMFwX.dll
NY -> tuvWomMC.dll -> %SystemRoot%\System32\tuvWomMC.dll
NY -> UBabefii.ini -> %SystemRoot%\System32\UBabefii.ini
NY -> UBabefii.ini2 -> %SystemRoot%\System32\UBabefii.ini2
NY -> uqllnh.dll -> %SystemRoot%\System32\uqllnh.dll
NY -> urvpaivm.dll -> %SystemRoot%\System32\urvpaivm.dll
NY -> uuekwbrc.dll -> %SystemRoot%\System32\uuekwbrc.dll
NY -> vdll -> %SystemRoot%\System32\vdll
NY -> vgmtsb.dll -> %SystemRoot%\System32\vgmtsb.dll
NY -> vikaxgjk.dll -> %SystemRoot%\System32\vikaxgjk.dll
NY -> VwyJSvut.ini -> %SystemRoot%\System32\VwyJSvut.ini
NY -> VwyJSvut.ini2 -> %SystemRoot%\System32\VwyJSvut.ini2
NY -> wlquvmca.dll -> %SystemRoot%\System32\wlquvmca.dll
NY -> wpfecjfw.dll -> %SystemRoot%\System32\wpfecjfw.dll
NY -> xuaiibxu.dll -> %SystemRoot%\System32\xuaiibxu.dll
NY -> xxywXoLF.dll -> %SystemRoot%\System32\xxywXoLF.dll
NY -> yfeikbpc.dll -> %SystemRoot%\System32\yfeikbpc.dll
NY -> yiksvbej.dll -> %SystemRoot%\System32\yiksvbej.dll
NY -> yohikytclfvdx.dll -> %SystemRoot%\System32\yohikytclfvdx.dll
NY -> ??sembly -> %SystemRoot%\System32\аѕsembly
NY -> 444.470 -> %SystemRoot%\444.470
NY -> mainms.vpi -> %SystemRoot%\mainms.vpi
NY -> pskt.ini -> %SystemRoot%\pskt.ini
NY -> yoursearchnet_com.exe -> %SystemRoot%\yoursearchnet_com.exe
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> ?ymantec -> %UserProfile%\My Documents\Ѕymantec
NY -> Yazzle1281OinUninstaller.exe -> %CommonProgramFiles%\Yazzle1281OinUninstaller.exe
NY -> AntiMalwareGuard -> %ProgramFiles%\AntiMalwareGuard
NY -> Outerinfo -> %ProgramFiles%\Outerinfo
[Files/Folders - Modified Within 30 days]
NY -> TempI -> %SystemDrive%\TempI
NY -> core.cache.dsk.vir -> %SystemRoot%\System32\drivers\core.cache.dsk.vir
NY -> 3040 -> %SystemRoot%\System32\3040
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> amyjcl.dll -> %SystemRoot%\System32\amyjcl.dll
NY -> aumsDK01 -> %SystemRoot%\System32\aumsDK01
NY -> bieqqnjh.dll -> %SystemRoot%\System32\bieqqnjh.dll
NY -> bin1 -> %SystemRoot%\System32\bin1
NY -> bllrgceb.dll -> %SystemRoot%\System32\bllrgceb.dll
NY -> bngeeude.dll -> %SystemRoot%\System32\bngeeude.dll
NY -> byXRhIAT.dll -> %SystemRoot%\System32\byXRhIAT.dll
NY -> carH01 -> %SystemRoot%\System32\carH01
NY -> cbxwtsss.dll -> %SystemRoot%\System32\cbxwtsss.dll
NY -> ccrcaieu.dll -> %SystemRoot%\System32\ccrcaieu.dll
NY -> cxvdwcjg.dll -> %SystemRoot%\System32\cxvdwcjg.dll
NY -> dgjsineq.dll.vir -> %SystemRoot%\System32\dgjsineq.dll.vir
NY -> dtpncj.dll -> %SystemRoot%\System32\dtpncj.dll
NY -> dv32 -> %SystemRoot%\System32\dv32
NY -> dyhjnefx.dll -> %SystemRoot%\System32\dyhjnefx.dll
NY -> eduggd.dll -> %SystemRoot%\System32\eduggd.dll
NY -> ejawfirg.dll -> %SystemRoot%\System32\ejawfirg.dll
NY -> ewbstbeo.ini -> %SystemRoot%\System32\ewbstbeo.ini
NY -> fcccyYSM.dll -> %SystemRoot%\System32\fcccyYSM.dll
NY -> ffhilUvw.ini -> %SystemRoot%\System32\ffhilUvw.ini
NY -> ffhilUvw.ini2 -> %SystemRoot%\System32\ffhilUvw.ini2
NY -> FgiQYJlm.ini -> %SystemRoot%\System32\FgiQYJlm.ini
NY -> FgiQYJlm.ini2 -> %SystemRoot%\System32\FgiQYJlm.ini2
NY -> fmywtuiu.ini -> %SystemRoot%\System32\fmywtuiu.ini
NY -> fnkrrwjw.dll -> %SystemRoot%\System32\fnkrrwjw.dll
NY -> gtnaurwq.dll -> %SystemRoot%\System32\gtnaurwq.dll
NY -> hizpqj.dll -> %SystemRoot%\System32\hizpqj.dll
NY -> hjbfeizypklltebdm.exe -> %SystemRoot%\System32\hjbfeizypklltebdm.exe
NY -> hlfiggxu.dll -> %SystemRoot%\System32\hlfiggxu.dll
NY -> hyjtnx.dll -> %SystemRoot%\System32\hyjtnx.dll
NY -> ihiqsg.dll -> %SystemRoot%\System32\ihiqsg.dll
NY -> iifEuspp.dll -> %SystemRoot%\System32\iifEuspp.dll
NY -> ikpnuwsi.dll.vir -> %SystemRoot%\System32\ikpnuwsi.dll.vir
NY -> inrihcvx.ini -> %SystemRoot%\System32\inrihcvx.ini
NY -> iwgumlmo.dll.vir -> %SystemRoot%\System32\iwgumlmo.dll.vir
NY -> iwpvoisy.dll -> %SystemRoot%\System32\iwpvoisy.dll
NY -> jfpuewbt.dll -> %SystemRoot%\System32\jfpuewbt.dll
NY -> jkjuwoqx.dll -> %SystemRoot%\System32\jkjuwoqx.dll
NY -> jkkHWOeF.dll.vir -> %SystemRoot%\System32\jkkHWOeF.dll.vir
NY -> khfcbcca.dll -> %SystemRoot%\System32\khfcbcca.dll
NY -> kjSsDJlm.ini -> %SystemRoot%\System32\kjSsDJlm.ini
NY -> kjSsDJlm.ini2 -> %SystemRoot%\System32\kjSsDJlm.ini2
NY -> kkafphuv.ini -> %SystemRoot%\System32\kkafphuv.ini
NY -> kTtEOXbc.ini -> %SystemRoot%\System32\kTtEOXbc.ini
NY -> kTtEOXbc.ini2 -> %SystemRoot%\System32\kTtEOXbc.ini2
NY -> ljJAqpMG.dll -> %SystemRoot%\System32\ljJAqpMG.dll
NY -> mahglquf.dll -> %SystemRoot%\System32\mahglquf.dll
NY -> mbdmbs.dll -> %SystemRoot%\System32\mbdmbs.dll
NY -> mcizvt.dll -> %SystemRoot%\System32\mcizvt.dll
NY -> mlJDsSjk.dll -> %SystemRoot%\System32\mlJDsSjk.dll
NY -> mlJYroOI.dll -> %SystemRoot%\System32\mlJYroOI.dll
NY -> moWyJkkj.ini -> %SystemRoot%\System32\moWyJkkj.ini
NY -> moWyJkkj.ini2 -> %SystemRoot%\System32\moWyJkkj.ini2
NY -> nakvtctm.ini -> %SystemRoot%\System32\nakvtctm.ini
NY -> navnawyq.ini -> %SystemRoot%\System32\navnawyq.ini
NY -> nddijeqm.dll -> %SystemRoot%\System32\nddijeqm.dll
NY -> nnNddDvt.dll -> %SystemRoot%\System32\nnNddDvt.dll
NY -> nxcbwbyx.dll -> %SystemRoot%\System32\nxcbwbyx.dll
NY -> oebtsbwe.dll -> %SystemRoot%\System32\oebtsbwe.dll
NY -> opngerqt.dll -> %SystemRoot%\System32\opngerqt.dll
NY -> opnlMeDu.dll -> %SystemRoot%\System32\opnlMeDu.dll
NY -> opnnkkIc.dll -> %SystemRoot%\System32\opnnkkIc.dll
NY -> qoMCSkih.dll -> %SystemRoot%\System32\qoMCSkih.dll
NY -> qoMfefGA.dll -> %SystemRoot%\System32\qoMfefGA.dll
NY -> qwruantg.ini -> %SystemRoot%\System32\qwruantg.ini
NY -> rjmfawos.dll -> %SystemRoot%\System32\rjmfawos.dll
NY -> rqRHArpQ.dll -> %SystemRoot%\System32\rqRHArpQ.dll
NY -> rswmqlhs.ini -> %SystemRoot%\System32\rswmqlhs.ini
NY -> schemoxm.dll -> %SystemRoot%\System32\schemoxm.dll
NY -> sideujyk.dll -> %SystemRoot%\System32\sideujyk.dll
NY -> sknnvehi.ini -> %SystemRoot%\System32\sknnvehi.ini
NY -> soojgvvh.dll -> %SystemRoot%\System32\soojgvvh.dll
NY -> sprlht.dll -> %SystemRoot%\System32\sprlht.dll
NY -> sprtcx.dll -> %SystemRoot%\System32\sprtcx.dll
NY -> ssqQgGWM.dll.vir -> %SystemRoot%\System32\ssqQgGWM.dll.vir
NY -> stpfwp.dll -> %SystemRoot%\System32\stpfwp.dll
NY -> S?mantec -> %SystemRoot%\System32\Sуmantec
NY -> toyhide.bmp -> %SystemRoot%\System32\toyhide.bmp
NY -> tstCbJjl.ini -> %SystemRoot%\System32\tstCbJjl.ini
NY -> tstCbJjl.ini2 -> %SystemRoot%\System32\tstCbJjl.ini2
NY -> tuvSJywV.dll.vir -> %SystemRoot%\System32\tuvSJywV.dll.vir
NY -> tuvVMFwX.dll -> %SystemRoot%\System32\tuvVMFwX.dll
NY -> tuvWomMC.dll -> %SystemRoot%\System32\tuvWomMC.dll
NY -> UBabefii.ini -> %SystemRoot%\System32\UBabefii.ini
NY -> UBabefii.ini2 -> %SystemRoot%\System32\UBabefii.ini2
NY -> uqllnh.dll -> %SystemRoot%\System32\uqllnh.dll
NY -> urvpaivm.dll -> %SystemRoot%\System32\urvpaivm.dll
NY -> uuekwbrc.dll -> %SystemRoot%\System32\uuekwbrc.dll
NY -> vdll -> %SystemRoot%\System32\vdll
NY -> vgmtsb.dll -> %SystemRoot%\System32\vgmtsb.dll
NY -> vikaxgjk.dll -> %SystemRoot%\System32\vikaxgjk.dll
NY -> VwyJSvut.ini -> %SystemRoot%\System32\VwyJSvut.ini
NY -> VwyJSvut.ini2 -> %SystemRoot%\System32\VwyJSvut.ini2
NY -> wlquvmca.dll -> %SystemRoot%\System32\wlquvmca.dll
NY -> wpfecjfw.dll -> %SystemRoot%\System32\wpfecjfw.dll
NY -> xuaiibxu.dll -> %SystemRoot%\System32\xuaiibxu.dll
NY -> xxywXoLF.dll -> %SystemRoot%\System32\xxywXoLF.dll
NY -> yfeikbpc.dll -> %SystemRoot%\System32\yfeikbpc.dll
NY -> yiksvbej.dll -> %SystemRoot%\System32\yiksvbej.dll
NY -> yohikytclfvdx.dll -> %SystemRoot%\System32\yohikytclfvdx.dll
NY -> ??sembly -> %SystemRoot%\System32\аѕsembly
NY -> 17PHolmes1000106.exe -> %SystemRoot%\17PHolmes1000106.exe
NY -> 17PHolmes572.exe -> %SystemRoot%\17PHolmes572.exe
NY -> 444.470 -> %SystemRoot%\444.470
NY -> BMffeadcb8.xml -> %SystemRoot%\BMffeadcb8.xml
NY -> mainms.vpi -> %SystemRoot%\mainms.vpi
NY -> pskt.ini -> %SystemRoot%\pskt.ini
NY -> yoursearchnet_com.exe -> %SystemRoot%\yoursearchnet_com.exe
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 103 bytes -> %AllUsersProfile%\Application Data\TEMP:4B7BEAFF
NY -> @Alternate Data Stream - 108 bytes -> %AllUsersProfile%\Application Data\TEMP:CB0AACC9
NY -> ?ymantec -> %UserProfile%\My Documents\Ѕymantec
NY -> Yazzle1281OinUninstaller.exe -> %CommonProgramFiles%\Yazzle1281OinUninstaller.exe
[Extra Files]
Purity
[Empty Temp Folders]
[Start Explorer]

That's a pretty big list so make sure you get it all.

The fix should only take a very short time. When the fix is completed a message box will pop up either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Now let's run an online virus scan. Both of these require Internet Explorer. Try F-Secure first. Sometimes it doesn't play nice with other system components so if it cannot complete then try the Kaspersky scan. You only need to complete one of the two.

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

If the F-Secure scan did not work then try an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Step #4

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it and close Notepad (save changes if necessary).
  • Close OTScanIt and locate the OTScanIt.txt file in the folder where OTScanIt.exe is located.
  • Attach that file back here in your next reply.

Step #5

Copy/paste the following back here in your next reply:
  • The Avenger report (c:\Avenger.txt)
  • The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.)
  • The online virus scan report (whichever one you ran)

Attach the following back here in your next reply:
  • The new OTScanIt scan log

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
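
The fix list in the post above contains three folder names (`S?mantec`, `??sembly`, `?ymantec`) whose path column holds non-Latin letters, plus two alternate data streams. As an added example (not part of the original post and not OTScanIt's own logic), this Python script parses `NY -> name -> path` entries and flags both kinds; the function names and the small lookalike table are assumptions made for the example.

```python
import unicodedata

# Entries copied from the fix list in the post above. Non-ASCII letters are
# written as \u escapes so they stay visible in the source.
FIX_LIST = [
    "NY -> stpfwp.dll -> %SystemRoot%\\System32\\stpfwp.dll",
    "NY -> S?mantec -> %SystemRoot%\\System32\\S\u0443mantec",
    "NY -> toyhide.bmp -> %SystemRoot%\\System32\\toyhide.bmp",
    "NY -> ??sembly -> %SystemRoot%\\System32\\\u0430\u0455sembly",
    "[Files Modified - Additional Folder Scans - Non-Microsoft Only]",
    "NY -> @Alternate Data Stream - 103 bytes -> "
    "%AllUsersProfile%\\Application Data\\TEMP:4B7BEAFF",
    "NY -> ?ymantec -> %UserProfile%\\My Documents\\\u0405ymantec",
    "[Extra Files]",
    "Purity",
]

# Hand-made lookalike table (assumption: covers only the letters seen in this
# list; it is not the full Unicode confusables data).
LOOKALIKES = {"\u0430": "a", "\u0443": "y", "\u0455": "s", "\u0405": "S"}


def parse_entry(line):
    """Split 'FLAGS -> name -> path'; section headers and directives give None."""
    parts = line.strip().split(" -> ", 2)
    if len(parts) != 3:
        return None
    flags, name, path = parts
    return {"flags": flags, "name": name, "path": path}


def letter_scripts(text):
    """Scripts of the letters in text, taken from the first word of each Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def review(entry):
    """Return a finding dict for an entry worth a second look, else None."""
    leaf = entry["path"].rsplit("\\", 1)[-1]
    if entry["name"].startswith("@Alternate Data Stream"):
        # The leaf has the form host:stream; the stream is invisible in Explorer.
        host, _, stream = leaf.partition(":")
        return {"path": entry["path"], "findings": ["alternate-data-stream"],
                "host": host, "stream": stream}
    findings = []
    scripts = letter_scripts(leaf)
    if len(scripts) > 1:
        # Letters from two alphabets in one name: a lookalike of a trusted name.
        findings.append("mixed-script")
    if entry["name"] != leaf:
        # The name column could not show what the path column holds.
        findings.append("name-column-differs")
    if not findings:
        return None
    return {"path": entry["path"], "findings": findings,
            "scripts": sorted(scripts),
            "code_points": [f"U+{ord(c):04X}" for c in leaf if ord(c) > 127],
            "reads_as": "".join(LOOKALIKES.get(c, c) for c in leaf)}


def triage(lines):
    """Run review() over every parsable entry and keep the flagged ones."""
    hits = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        hit = review(entry)
        if hit:
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for hit in triage(FIX_LIST):
        print(hit)
```
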


#6 mcanada


Posted 20 July 2008 - 11:39 PM

Step 1 completed with Avenger and copy/paste code. Attached is the log avenger.txt. Reboot was fine except for a couple of RUN errors having to do with missing dll's.
Step 2 completed with OTScanIt and copy/paste code. It asked for reboot and system rebooted with no errors and seeming to feel better. Attached is the log OTScanIt_07202008_234626.txt

I am currently running the F-Secure Online Scanner and as soon as that finishes, I will complete steps 3, 4, and 5 and post results.

Thank you,

Mark


#7 OldTimer


Posted 20 July 2008 - 11:59 PM

Cool. So far things look pretty good.

Cheers.

OT

#8 mcanada


Posted 21 July 2008 - 04:33 AM

Ok OT, here are the last 2 logs; the attached file is the one from F-Secure, and the following text is the OTScanIt log with the requested checked options. The system is acting normal now; what a good feeling!


Thanks,
Mark



OTScanIt logfile created on: 7/21/2008 5:27:19 AM
OTScanIt by OldTimer - Version 1.0.16.2	 Folder = C:\Documents and Settings\Owner\Desktop\OTScanIt
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
894.48 Mb Total Physical Memory | 594.20 Mb Available Physical Memory | 66.43% Memory free
2.12 Gb Paging File | 1.71 Gb Available in Paging File | 80.95% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182.10 Gb Total Space | 37.05 Gb Free Space | 20.35% Space Free | Partition Type: NTFS
Drive D: | 4.20 Gb Total Space | 0.99 Gb Free Space | 23.64% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOUSTON
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 352256 bytes | Modified Date = 3/14/2005 8:49:00 PM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 1:42:38 PM | Attr =	]
prismxl.sys -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 8/5/2005 10:46:16 PM | Attr =	]
synergyc.exe -> %ProgramFiles%\Synergy\synergyc.exe ->  [Ver =  | Size = 348160 bytes | Modified Date = 11/12/2005 3:53:54 PM | Attr =	]
tivobeacon.exe -> %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe -> TiVo Inc. [Ver = 1.6 | Size = 868864 bytes | Modified Date = 4/4/2008 10:53:56 AM | Attr =	]
winvnc.exe -> %ProgramFiles%\TightVNC\WinVNC.exe -> TightVNC Group [Ver = 1, 3, 9, 0 | Size = 589824 bytes | Modified Date = 5/7/2007 7:28:58 PM | Attr =	]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 352256 bytes | Modified Date = 3/14/2005 8:49:00 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
zhotkey.exe -> %SystemRoot%\zHotkey.exe ->  [Ver = 3, 0, 0, 7 | Size = 543232 bytes | Modified Date = 5/17/2004 9:30:04 PM | Attr =	]
shwiconem.exe -> %ProgramFiles%\Digital Media Reader\shwiconEM.exe -> Alcor Micro, Corp. [Ver = 1, 4, 0, 8 | Size = 135168 bytes | Modified Date = 11/15/2004 6:04:32 PM | Attr =	]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 11/2/2004 11:24:46 PM | Attr =	]
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.33 | Size = 77824 bytes | Modified Date = 12/1/2004 7:54:22 PM | Attr =	]
clamtray.exe -> %ProgramFiles%\ClamWin\bin\ClamTray.exe -> alch [Ver = 0.93.1.0 | Size = 77824 bytes | Modified Date = 6/14/2008 8:13:14 AM | Attr =	]
tppaldr.exe -> %SystemRoot%\tppaldr.exe -> In-System Design, Inc. [Ver = 5.04.1150.0  | Size = 118784 bytes | Modified Date = 10/5/2001 12:54:28 PM | Attr =	]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 5/8/2007 4:24:20 PM | Attr =	]
visualtooltip.exe -> %ProgramFiles%\VisualTooltip21\VisualToolTip.exe -> Christian Salmon [Ver = 2.1.0.0 | Size = 955904 bytes | Modified Date = 3/27/2007 8:54:22 AM | Attr =	]
qttask.exe -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 2/1/2008 12:13:08 AM | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 2/4/2008 3:18:40 PM | Attr =	]
dmxlauncher.exe -> %ProgramFiles%\Roxio\CinePlayer\DMXLauncher.exe ->  [Ver =  | Size = 113136 bytes | Modified Date = 2/3/2008 3:43:58 AM | Attr =	]
spyhunter3.exe -> %ProgramFiles%\Enigma Software Group\SpyHunter\SpyHunter3.exe -> Enigma Software Group USA, LLC. [Ver = 1.0.30.0 | Size = 851968 bytes | Modified Date = 6/19/2008 4:48:00 PM | Attr =	]
seccopy.exe -> %ProgramFiles%\SecCopy\SecCopy.exe -> Centered Systems [Ver = 6.2.0.37 | Size = 1134080 bytes | Modified Date = 9/17/2001 9:37:08 AM | Attr =	]
tivotransfer.exe -> %CommonProgramFiles%\TiVo Shared\Transfer\TiVoTransfer.exe -> TiVo Inc. [Ver = 1.4 | Size = 1193984 bytes | Modified Date = 4/4/2008 10:54:34 AM | Attr =	]
tivonotify.exe -> %ProgramFiles%\TiVo\Desktop\TiVoNotify.exe -> TiVo Inc. [Ver = 1.2 | Size = 394240 bytes | Modified Date = 4/4/2008 10:54:58 AM | Attr =	]
tivoserver.exe -> %ProgramFiles%\TiVo\Desktop\TiVoServer.exe -> TiVo Inc. [Ver = 1.5 | Size = 1879552 bytes | Modified Date = 4/4/2008 10:56:46 AM | Attr =	]
alarmapp.exe -> %ProgramFiles%\palmOne\AlarmApp.exe -> Palm, Inc. [Ver = 4.1.0 | Size = 274432 bytes | Modified Date = 6/21/2005 1:09:18 PM | Attr =	]
bigfix.exe -> %ProgramFiles%\BigFix\BigFix.exe -> BigFix Inc. [Ver = 1, 7, 6, 0 | Size = 1742384 bytes | Modified Date = 7/31/2002 1:22:26 PM | Attr =	]
hotsync.exe -> %ProgramFiles%\palmOne\Hotsync.exe -> PalmSource, Inc [Ver = 6.0.1 | Size = 471040 bytes | Modified Date = 6/9/2004 3:16:08 PM | Attr =	]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2/19/2006 5:21:22 AM | Attr =	]
listproalarms.exe -> %ProgramFiles%\Ilium Software\ListPro\ListProAlarms.exe -> Ilium Software, Inc. [Ver = 5.0.0.2016 | Size = 124000 bytes | Modified Date = 8/9/2007 11:00:24 AM | Attr =	]
listproalarms.exe -> %ProgramFiles%\Ilium Software\ListPro\ListProAlarms.exe -> Ilium Software, Inc. [Ver = 5.0.0.2016 | Size = 124000 bytes | Modified Date = 8/9/2007 11:00:24 AM | Attr =	]
wallpapertoy.exe -> %ProgramFiles%\WallpaperToy\Wallpapertoy.Exe -> Microsoft Corp. [Ver = 2002.00.006 | Size = 110592 bytes | Modified Date = 12/18/2002 8:12:26 PM | Attr =	]
yahoowidgets.exe -> %ProgramFiles%\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgets.exe -> Yahoo! Inc. [Ver = 4.5.1 | Size = 3746856 bytes | Modified Date = 12/11/2007 6:34:48 PM | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 2/4/2008 3:18:32 PM | Attr =	]
yahoowidgets.exe -> %ProgramFiles%\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgets.exe -> Yahoo! Inc. [Ver = 4.5.1 | Size = 3746856 bytes | Modified Date = 12/11/2007 6:34:48 PM | Attr =	]
hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 239320 bytes | Modified Date = 2/19/2006 6:24:52 AM | Attr =	]
hpqimzone.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqimzone.exe -> Hewlett-Packard Development Company, L.P. [Ver = 065.000.117.000 | Size = 479232 bytes | Modified Date = 2/10/2006 8:56:12 AM | Attr =	]
yahoowidgets.exe -> %ProgramFiles%\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgets.exe -> Yahoo! Inc. [Ver = 4.5.1 | Size = 3746856 bytes | Modified Date = 12/11/2007 6:34:48 PM | Attr =	]
yahoowidgets.exe -> %ProgramFiles%\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgets.exe -> Yahoo! Inc. [Ver = 4.5.1 | Size = 3746856 bytes | Modified Date = 12/11/2007 6:34:48 PM | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 352256 bytes | Modified Date = 3/14/2005 8:49:00 PM | Attr =	]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 1:42:38 PM | Attr =	]
(CheckIP) CheckIP [Win32_Own | Disabled | Stopped] -> %SystemDrive%\CheckIP\CheckIP.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 12/27/2007 10:50:43 AM | Attr =	]
(HP Status Server) HP Status Server [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\spool\drivers\w32x86\3\HPBOID.EXE -> Hewlett-Packard Company [Ver = 1, 0, 46, 0 | Size = 73728 bytes | Modified Date = 10/16/2004 6:31:06 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 2/4/2008 3:18:32 PM | Attr =	]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8/9/2007 3:27:52 AM | Attr =	]
(PrismXL) PrismXL [Win32_Own | Auto | Running] -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 8/5/2005 10:46:16 PM | Attr =	]
(Roxio UPnP Renderer 10) Roxio UPnP Renderer 10 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -> Sonic Solutions [Ver = 10.1.1.32 | Size = 313840 bytes | Modified Date = 2/3/2008 8:24:06 AM | Attr =	]
(Roxio Upnp Server 10) Roxio Upnp Server 10 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Roxio\Digital Home 10\RoxioUpnpService10.exe -> Sonic Solutions [Ver = 10.1.1.32 | Size = 362992 bytes | Modified Date = 2/3/2008 8:24:08 AM | Attr =	]
(RoxLiveShare10) LiveShare P2P Server 10 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -> Sonic Solutions [Ver = 10.1.1.32 | Size = 309744 bytes | Modified Date = 2/3/2008 8:23:38 AM | Attr =	]
(RoxMediaDB10) RoxMediaDB10 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -> Sonic Solutions [Ver = 10.1.1.32 | Size = 1112560 bytes | Modified Date = 2/3/2008 8:23:28 AM | Attr =	]
(RoxWatch10) Roxio Hard Drive Watcher 10 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -> Sonic Solutions [Ver = 10.1.1.32 | Size = 166384 bytes | Modified Date = 2/3/2008 8:23:36 AM | Attr =	]
(SessionLauncher) SessionLauncher [Win32_Own | Auto | Stopped] -> %SystemDrive%\DOCUME~1\Owner\LOCALS~1\Temp\DX9\SessionLauncher.exe -> File not found
(Synergy Client) Synergy Client [Win32_Own | Auto | Running] -> %ProgramFiles%\Synergy\synergyc.exe ->  [Ver =  | Size = 348160 bytes | Modified Date = 11/12/2005 3:53:54 PM | Attr =	]
(TivoBeacon2) TiVo Beacon [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe -> TiVo Inc. [Ver = 1.6 | Size = 868864 bytes | Modified Date = 4/4/2008 10:53:56 AM | Attr =	]
(winvnc) VNC Server [Win32_Own | Auto | Running] -> %ProgramFiles%\TightVNC\WinVNC.exe -> TightVNC Group [Ver = 1, 3, 9, 0 | Size = 589824 bytes | Modified Date = 5/7/2007 7:28:58 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
CHotkey -> %SystemRoot%\zHotkey.exe [zHotkey.exe] ->  [Ver = 3, 0, 0, 7 | Size = 543232 bytes | Modified Date = 5/17/2004 9:30:04 PM | Attr =	]
ClamWin -> %ProgramFiles%\ClamWin\bin\ClamTray.exe ["C:\Program Files\ClamWin\bin\ClamTray.exe" --logon] -> alch [Ver = 0.93.1.0 | Size = 77824 bytes | Modified Date = 6/14/2008 8:13:14 AM | Attr =	]
DMXLauncher -> %ProgramFiles%\Roxio\CinePlayer\DMXLauncher.exe ["C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"] ->  [Ver =  | Size = 113136 bytes | Modified Date = 2/3/2008 3:43:58 AM | Attr =	]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 5/8/2007 4:24:20 PM | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 2/4/2008 3:18:40 PM | Attr =	]
NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 2/1/2008 12:13:08 AM | Attr =	]
Reminder -> %SystemRoot%\creator\remind_xp.exe [%WINDIR%\Creator\Remind_XP.exe] -> SoftThinks [Ver = 1, 0, 3, 0 | Size = 966656 bytes | Modified Date = 3/9/2005 11:49:48 AM | Attr =	]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe ["C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"] -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 11/2/2004 11:24:46 PM | Attr =	]
RoxWatchTray -> %CommonProgramFiles%\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe ["C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"] -> Sonic Solutions [Ver = 10.1.1.32 | Size = 244208 bytes | Modified Date = 2/3/2008 8:23:34 AM | Attr =	]
ShowWnd -> %SystemRoot%\ShowWnd.exe [ShowWnd.exe] ->  [Ver =  | Size = 36864 bytes | Modified Date = 9/19/2003 12:09:22 PM | Attr =	]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. [Ver = 5.1.0.33 | Size = 77824 bytes | Modified Date = 12/1/2004 7:54:22 PM | Attr =	]
SpyHunter Security Suite -> %ProgramFiles%\Enigma Software Group\SpyHunter\SpyHunter3.exe ["C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" -minimized] -> Enigma Software Group USA, LLC. [Ver = 1.0.30.0 | Size = 851968 bytes | Modified Date = 6/19/2008 4:48:00 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
SunKistEM -> %ProgramFiles%\Digital Media Reader\shwiconEM.exe ["C:\Program Files\Digital Media Reader\shwiconem.exe"] -> Alcor Micro, Corp. [Ver = 1, 4, 0, 8 | Size = 135168 bytes | Modified Date = 11/15/2004 6:04:32 PM | Attr =	]
TPP Auto Loader -> %SystemRoot%\tppaldr.exe [C:\WINDOWS\tppaldr.exe] -> In-System Design, Inc. [Ver = 5.04.1150.0  | Size = 118784 bytes | Modified Date = 10/5/2001 12:54:28 PM | Attr =	]
VisualTooltip -> %ProgramFiles%\VisualTooltip21\VisualToolTip.exe ["C:\Program Files\VisualTooltip21\VisualToolTip.exe"] -> Christian Salmon [Ver = 2.1.0.0 | Size = 955904 bytes | Modified Date = 3/27/2007 8:54:22 AM | Attr =	]
WinVNC -> %ProgramFiles%\TightVNC\WinVNC.exe ["C:\Program Files\TightVNC\WinVNC.exe" -servicehelper] -> TightVNC Group [Ver = 1, 3, 9, 0 | Size = 589824 bytes | Modified Date = 5/7/2007 7:28:58 PM | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
NBJ -> %ProgramFiles%\Ahead\Nero BackItUp\NBJ.exe ["C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"] -> Ahead Software AG [Ver = 1, 2, 0, 60 | Size = 1961984 bytes | Modified Date = 9/16/2005 5:41:26 PM | Attr =	]
Second Copy 2000 -> %ProgramFiles%\SecCopy\SecCopy.exe ["C:\PROGRA~1\SecCopy\SecCopy.exe"] -> Centered Systems [Ver = 6.2.0.37 | Size = 1134080 bytes | Modified Date = 9/17/2001 9:37:08 AM | Attr =	]
TivoNotify -> %ProgramFiles%\TiVo\Desktop\TiVoNotify.exe ["C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify] -> TiVo Inc. [Ver = 1.2 | Size = 394240 bytes | Modified Date = 4/4/2008 10:54:58 AM | Attr =	]
TivoServer -> %ProgramFiles%\TiVo\Desktop\TiVoServer.exe ["C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer] -> TiVo Inc. [Ver = 1.5 | Size = 1879552 bytes | Modified Date = 4/4/2008 10:56:46 AM | Attr =	]
TivoTransfer -> %CommonProgramFiles%\TiVo Shared\Transfer\TiVoTransfer.exe ["C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer] -> TiVo Inc. [Ver = 1.4 | Size = 1193984 bytes | Modified Date = 4/4/2008 10:54:34 AM | Attr =	]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1] -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R  ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Alarm Manager.LNK -> %ProgramFiles%\palmOne\AlarmApp.exe -> Palm, Inc. [Ver = 4.1.0 | Size = 274432 bytes | Modified Date = 6/21/2005 1:09:18 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\BigFix.lnk -> %ProgramFiles%\BigFix\BigFix.exe -> BigFix Inc. [Ver = 1, 7, 6, 0 | Size = 1742384 bytes | Modified Date = 7/31/2002 1:22:26 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\HotSync Manager.lnk -> %ProgramFiles%\palmOne\Hotsync.exe -> PalmSource, Inc [Ver = 6.0.1 | Size = 471040 bytes | Modified Date = 6/9/2004 3:16:08 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2/19/2006 5:21:22 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 065.000.117.000 | Size = 73728 bytes | Modified Date = 2/10/2006 8:56:20 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\ListProAlarms.lnk -> %ProgramFiles%\Ilium Software\ListPro\ListProAlarms.exe -> Ilium Software, Inc. [Ver = 5.0.0.2016 | Size = 124000 bytes | Modified Date = 8/9/2007 11:00:24 AM | Attr =	]
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\Event Reminder.lnk -> %SystemDrive%\pmw\PMREMIND.EXE ->  [Ver = 1, 0, 0, 1 | Size = 255408 bytes | Modified Date = 10/20/1997 12:31:00 PM | Attr =	]
%UserProfile%\Start Menu\Programs\Startup\ListProAlarms.lnk -> %ProgramFiles%\Ilium Software\ListPro\ListProAlarms.exe -> Ilium Software, Inc. [Ver = 5.0.0.2016 | Size = 124000 bytes | Modified Date = 8/9/2007 11:00:24 AM | Attr =	]
%UserProfile%\Start Menu\Programs\Startup\Wallpaper Changer.lnk -> %ProgramFiles%\WallpaperToy\Wallpapertoy.Exe -> Microsoft Corp. [Ver = 2002.00.006 | Size = 110592 bytes | Modified Date = 12/18/2002 8:12:26 PM | Attr =	]
%UserProfile%\Start Menu\Programs\Startup\Yahoo! Widgets.lnk -> %ProgramFiles%\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgets.exe -> Yahoo! Inc. [Ver = 4.5.1 | Size = 3746856 bytes | Modified Date = 12/11/2007 6:34:48 PM | Attr =	]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 7/17/2008 10:51:28 AM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 6:23:07 AM | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/2007 11:36:51 PM | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 12:41:36 PM | Attr =	]
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 61440 bytes | Modified Date = 3/14/2005 8:49:00 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_DVDRAM_GSA-4163B_______________A101____\324b35374d353145343820372020202020202020 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomLITE-ON_CD-ROM_LTN-489S_________________8GS4____\5&1c711010&0&0.1.0 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAK [set tz=est0 | set TERM=WIN | ] -> %SystemDrive%\AUTOEXEC.BAK [ NTFS ] ->  [Ver =  | Size = 27 bytes | Modified Date = 9/1/2005 2:43:34 PM | Attr =	]
AUTOEXEC.BAT [SET tz=est0 | SET TERM=WIN | SET PATH=%PATH%;C:\VIP;C:\TBSC\ | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 60 bytes | Modified Date = 9/12/2005 9:25:33 AM | Attr =	]
Autorun.inf [[AUTORUN] | SHELLEXECUTE=Info.exe folder.htt 480 480 | ] -> D:\Autorun.inf [ FAT32 ] ->  [Ver =  | Size = 53 bytes | Modified Date = 9/13/2004 12:15:24 PM | Attr =  HS]
< HOSTS File > (764 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
192.168.1.112 HP0018FE2A76B4 -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
adbank_sealy.com [https] -> Trusted sites -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{17260D58-49E4-4B13-8F96-0E7E4CD22BFA} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mlJDsSjk.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE -> File not found
Open with BitPump -> Reg Error: Value  does not exist or could not be read. -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{3AA4E7DF-0D4B-42FC-A3AB-08167FA5F2CF} ->	(1394 Net Adapter) -> 
{D62109BA-F8D9-4E79-A140-D0679571B74D} -> 85.255.115.107,85.255.112.217   (Realtek RTL8139/810x Family Fast Ethernet NIC) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 1:42:30 PM | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{31435657-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab[Reg Error: Key does not exist or could not be opened.] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{B1E2B96C-12FE-45E2-BEF1-44A219113CDD}[HKEY_LOCAL_MACHINE] -> http://www.superadblocker.com/activex/sabspx.cab[SABScanProcesses Class] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab[Java Plug-in 1.5.0_04] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab[Java Plug-in 1.5.0_08] -> 
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab[Java Plug-in 1.5.0_09] -> 
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> 
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sabspx.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sabspx.dll\\.Owner -> {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sabspx.dll\\{B1E2B96C-12FE-45E2-BEF1-44A219113CDD} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/sabprocenum.sys\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/sabprocenum.sys\\.Owner -> {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/sabprocenum.sys\\{B1E2B96C-12FE-45E2-BEF1-44A219113CDD} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 644 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 6D 3C E5 23 F1 3C 7F 70 B3 28 8B B2 FE 10 19 DE 64 34 64 38 64 33 63 35 00 00 00 00 AC 95 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 CF 25 9C 4A 52 07 D8 E6 9F D0 FD D4  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> AB DD 88 00 B7 CE EB D7 1B  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> EE 8C 05 3A 98 06  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [iissuba] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 9F 52 A3 F6 89 48 96 0A D7 5C F0 76 76 F5 B4 93  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> D0 40 18 12 30 9A C5 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 38 3A 3C 0C 7F C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 38 3A 3C 0C 7F C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 38 3A 3C 0C 7F C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 5093 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> %ProgramFiles%\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:bittorrent] ->  [Ver =  | Size = 43008 bytes | Modified Date = 3/1/2007 7:11:22 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FileZilla\FileZilla.exe -> %ProgramFiles%\FileZilla\FileZilla.exe [C:\Program Files\FileZilla\FileZilla.exe:*:Enabled:FileZilla] ->  [Ver = 2, 2, 15, 0 | Size = 1634304 bytes | Modified Date = 8/21/2005 6:01:36 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\javaw.exe -> %SystemRoot%\system32\javaw.exe [C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 9/24/2007 10:30:30 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TightVNC\WinVNC.exe -> %ProgramFiles%\TightVNC\WinVNC.exe [C:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server] -> TightVNC Group [Ver = 1, 3, 9, 0 | Size = 589824 bytes | Modified Date = 5/7/2007 7:28:58 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe -> %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe [C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:LocalSubNet:Enabled:TiVo Beacon Service] -> TiVo Inc. [Ver = 1.6 | Size = 868864 bytes | Modified Date = 4/4/2008 10:53:56 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe -> %CommonProgramFiles%\TiVo Shared\Transfer\TiVoTransfer.exe [C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:LocalSubNet:Enabled:TiVo Transfer Service] -> TiVo Inc. [Ver = 1.4 | Size = 1193984 bytes | Modified Date = 4/4/2008 10:54:34 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TiVo\Desktop\TiVoServer.exe -> %ProgramFiles%\TiVo\Desktop\TiVoServer.exe [C:\Program Files\TiVo\Desktop\TiVoServer.exe:LocalSubNet:Enabled:TiVo Server Service] -> TiVo Inc. [Ver = 1.5 | Size = 1879552 bytes | Modified Date = 4/4/2008 10:56:46 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TiVo\Desktop\TiVoDesktop.exe -> %ProgramFiles%\TiVo\Desktop\TiVoDesktop.exe [C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:LocalSubNet:Enabled:TiVo Desktop User Interface] -> TiVo Inc. [Ver = 2.5 | Size = 2792960 bytes | Modified Date = 4/4/2008 10:58:56 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TiVo\Desktop\curl.exe -> %ProgramFiles%\TiVo\Desktop\curl.exe [C:\Program Files\TiVo\Desktop\curl.exe:LocalSubNet:Enabled:TiVo Curl Service] ->  [Ver =  | Size = 265728 bytes | Modified Date = 3/30/2008 5:07:10 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5353:UDP -> 5353:UDP:LocalSubNet:Enabled:mDNS-SD/Bonjour -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7288:TCP -> 7288:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7288 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7289:TCP -> 7289:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7289 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7290:TCP -> 7290:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7290 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7291:TCP -> 7291:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7291 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7292:TCP -> 7292:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7292 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7293:TCP -> 7293:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7293 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7294:TCP -> 7294:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7294 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7295:TCP -> 7295:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7295 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7296:TCP -> 7296:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7296 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7297:TCP -> 7297:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7297 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowInboundTimestampRequest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowInboundMaskRequest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowInboundRouterRequest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowOutboundDestinationUnreachable -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowOutboundSourceQuench -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowOutboundParameterProblem -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowOutboundTimeExceeded -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowRedirect -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowOutboundPacketTooBig -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 7/20/2008 11:40:43 PM | Attr =	]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 7/20/2008 9:28:12 AM | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Created Date = 7/20/2008 11:51:57 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 938004480 bytes | Created Date = 7/20/2008 8:42:00 AM | Attr =  HS]
BDE -> %SystemRoot%\System32\BDE ->  [Folder | Created Date = 7/16/2008 9:08:03 AM | Attr =	]
toyhide.bmp -> %SystemRoot%\System32\toyhide.bmp ->  [Ver =  | Size = 7056054 bytes | Created Date = 7/21/2008 12:13:33 AM | Attr =  H ]
unacev2.dll -> %SystemRoot%\System32\unacev2.dll ->  [Ver =  | Size = 75264 bytes | Created Date = 7/17/2008 9:10:17 PM | Attr =	]
unrar3.dll -> %SystemRoot%\System32\unrar3.dll ->  [Ver =  | Size = 153088 bytes | Created Date = 7/17/2008 9:10:17 PM | Attr =	]
ZoneAlarmIconUS.ico -> %SystemRoot%\System32\ZoneAlarmIconUS.ico ->  [Ver =  | Size = 9662 bytes | Created Date = 7/17/2008 9:07:37 PM | Attr =	]
ztvunace26.dll -> %SystemRoot%\System32\ztvunace26.dll ->  [Ver =  | Size = 77312 bytes | Created Date = 7/17/2008 9:10:18 PM | Attr =	]
ztvunrar36.dll -> %SystemRoot%\System32\ztvunrar36.dll ->  [Ver =  | Size = 162304 bytes | Created Date = 7/17/2008 9:10:18 PM | Attr =	]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 7/18/2008 3:53:37 PM | Attr =	]
SpyHunter Scanner.job -> %SystemRoot%\tasks\SpyHunter Scanner.job ->  [Ver =  | Size = 442 bytes | Created Date = 7/18/2008 11:57:49 AM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 7/17/2008 2:37:49 PM | Attr =	]
TiVo -> %AllUsersProfile%\Application Data\TiVo ->  [Folder | Created Date = 7/11/2008 10:19:25 AM | Attr =	]
Simply Super Software -> %AppData%\Simply Super Software ->  [Folder | Created Date = 7/17/2008 9:10:15 PM | Attr =	]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 7/17/2008 8:22:00 AM | Attr =	]
CutePDF Writer -> %UserProfile%\Local Settings\Application Data\CutePDF Writer ->  [Folder | Created Date = 6/26/2008 1:38:01 PM | Attr =	]
._Deja_Vu_R1_Custom-[cdcovers_cc]-cd1.jpg -> %AllUsersProfile%\Documents\._Deja_Vu_R1_Custom-[cdcovers_cc]-cd1.jpg ->  [Ver =  | Size = 4096 bytes | Created Date = 7/15/2008 7:24:09 AM | Attr =  H ]
._Disclosure_R1-[cdcovers_cc]-cd1.jpg -> %AllUsersProfile%\Documents\._Disclosure_R1-[cdcovers_cc]-cd1.jpg ->  [Ver =  | Size = 4096 bytes | Created Date = 7/15/2008 7:24:48 AM | Attr =  H ]
._Independence_Day-[cdcovers_cc]-cd1.jpg -> %AllUsersProfile%\Documents\._Independence_Day-[cdcovers_cc]-cd1.jpg ->  [Ver =  | Size = 4096 bytes | Created Date = 7/15/2008 7:24:54 AM | Attr =  H ]
._Pink_Panther_A_Shot_In_The_Dark-[cdcovers_cc]-cd1.jpg -> %AllUsersProfile%\Documents\._Pink_Panther_A_Shot_In_The_Dark-[cdcovers_cc]-cd1.jpg ->  [Ver =  | Size = 4096 bytes | Created Date = 7/15/2008 7:24:18 AM | Attr =  H ]
._The_Bounty_R1-[cdcovers_cc]-cd1.jpg -> %AllUsersProfile%\Documents\._The_Bounty_R1-[cdcovers_cc]-cd1.jpg ->  [Ver =  | Size = 4096 bytes | Created Date = 7/15/2008 7:24:13 AM | Attr =  H ]
._The_Incredibles_Widescreen-[cdcovers_cc]-cd1.jpg -> %AllUsersProfile%\Documents\._The_Incredibles_Widescreen-[cdcovers_cc]-cd1.jpg ->  [Ver =  | Size = 4096 bytes | Created Date = 7/15/2008 7:24:05 AM | Attr =  H ]
._The_Pink_Panther_2006-[cdcovers_cc]-cd1.jpg -> %AllUsersProfile%\Documents\._The_Pink_Panther_2006-[cdcovers_cc]-cd1.jpg ->  [Ver =  | Size = 4096 bytes | Created Date = 7/15/2008 7:24:22 AM | Attr =  H ]
._The_Return_Of_The_Pink_Panther-[cdcovers_cc]-cd1.jpg -> %AllUsersProfile%\Documents\._The_Return_Of_The_Pink_Panther-[cdcovers_cc]-cd1.jpg ->  [Ver =  | Size = 4096 bytes | Created Date = 7/15/2008 7:24:26 AM | Attr =  H ]
dss.exe -> %AllUsersProfile%\Documents\dss.exe ->  [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 7/18/2008 3:52:41 PM | Attr =	]
HiJackThis.exe -> %AllUsersProfile%\Documents\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 7/18/2008 4:05:26 PM | Attr =	]
SHH_Logo.gif -> %AllUsersProfile%\Documents\SHH_Logo.gif ->  [Ver =  | Size = 1173 bytes | Created Date = 6/26/2008 4:57:54 PM | Attr =	]
dorcus.zdl -> %UserProfile%\My Documents\dorcus.zdl ->  [Ver =  | Size = 11173888 bytes | Created Date = 6/26/2008 11:50:40 PM | Attr =	]
SpyHunter.lnk -> %AllUsersProfile%\Desktop\SpyHunter.lnk ->  [Ver =  | Size = 934 bytes | Created Date = 7/18/2008 11:06:27 AM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 7/20/2008 10:16:53 PM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 724952 bytes | Created Date = 7/20/2008 11:33:12 PM | Attr =	]
csstooltips.zip -> %UserProfile%\Desktop\csstooltips.zip ->  [Ver =  | Size = 3444 bytes | Created Date = 7/3/2008 6:40:06 AM | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 7/20/2008 10:18:41 PM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 568477 bytes | Created Date = 7/20/2008 10:18:18 PM | Attr =	]
SUPERAntiSpyware.lnk -> %UserProfile%\Desktop\SUPERAntiSpyware.lnk ->  [Ver =  | Size = 737 bytes | Created Date = 7/17/2008 8:24:52 AM | Attr =	]
Acro Software -> %ProgramFiles%\Acro Software ->  [Folder | Created Date = 6/26/2008 1:36:38 PM | Attr =	]
Enigma Software Group -> %ProgramFiles%\Enigma Software Group ->  [Folder | Created Date = 7/18/2008 10:45:53 AM | Attr =	]
GPLGS -> %ProgramFiles%\GPLGS ->  [Folder | Created Date = 6/26/2008 1:37:23 PM | Attr =	]
Hijackthis -> %ProgramFiles%\Hijackthis ->  [Folder | Created Date = 7/18/2008 1:25:04 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 7/20/2008 11:44:01 PM | Attr =	]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 7/20/2008 9:28:12 AM | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Modified Date = 7/20/2008 11:51:57 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 938004480 bytes | Modified Date = 7/20/2008 11:48:38 PM | Attr =  HS]
My Downloads -> %SystemDrive%\My Downloads ->  [Folder | Modified Date = 7/18/2008 12:41:46 PM | Attr =	]
My DVDs -> %SystemDrive%\My DVDs ->  [Folder | Modified Date = 7/16/2008 7:55:57 AM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 7/20/2008 11:40:45 PM | Attr = R  ]
System Backup -> %SystemDrive%\System Backup ->  [Folder | Modified Date = 7/21/2008 2:16:58 AM | Attr =	]
Temp -> %SystemDrive%\Temp ->  [Folder | Modified Date = 7/20/2008 11:13:50 AM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 7/20/2008 11:51:46 PM | Attr =	]
BDE -> %SystemRoot%\System32\BDE ->  [Folder | Modified Date = 7/17/2008 12:00:44 AM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 7/20/2008 11:51:46 PM | Attr =	]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 7/20/2008 11:50:50 PM | Attr =	]
inetsrv -> %SystemRoot%\System32\inetsrv ->  [Folder | Modified Date = 7/20/2008 11:52:50 PM | Attr =	]
toyhide.bmp -> %SystemRoot%\System32\toyhide.bmp ->  [Ver =  | Size = 7056054 bytes | Modified Date = 7/21/2008 4:13:31 AM | Attr =  H ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1170 bytes | Modified Date = 7/20/2008 11:49:18 PM | Attr =	]
ZoneAlarmIconUS.ico -> %SystemRoot%\System32\ZoneAlarmIconUS.ico ->  [Ver =  | Size = 9662 bytes | Modified Date = 7/20/2008 11:28:26 AM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 7/20/2008 11:48:41 PM | Attr =   S]
cookies.ini -> %SystemRoot%\cookies.ini ->  [Ver =  | Size = 189 bytes | Modified Date = 7/17/2008 9:10:24 PM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 7/20/2008 11:56:27 PM | Attr =   S]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 7/18/2008 3:53:37 PM | Attr =	]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 7/18/2008 3:15:52 PM | Attr =  HS]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 116 bytes | Modified Date = 7/15/2008 5:26:40 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 7/21/2008 5:12:46 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 7/20/2008 11:49:41 PM | Attr =  H ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 7/20/2008 11:49:01 PM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 7/21/2008 4:13:31 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 7/18/2008 12:22:41 PM | Attr =   S]
Tbred.ini -> %SystemRoot%\Tbred.ini ->  [Ver =  | Size = 4672 bytes | Modified Date = 7/16/2008 2:15:43 PM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 7/21/2008 12:32:50 AM | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 1089 bytes | Modified Date = 7/20/2008 11:49:40 PM | Attr =	]
AdwareAlert Scheduled Scan.job -> %SystemRoot%\tasks\AdwareAlert Scheduled Scan.job ->  [Ver =  | Size = 496 bytes | Modified Date = 7/21/2008 3:00:00 AM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 7/14/2008 11:30:04 AM | Attr =	]
RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job ->  [Ver =  | Size = 438 bytes | Modified Date = 7/20/2008 11:49:12 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 7/20/2008 11:48:43 PM | Attr =  H ]
SpyHunter Scanner.job -> %SystemRoot%\tasks\SpyHunter Scanner.job ->  [Ver =  | Size = 442 bytes | Modified Date = 7/21/2008 1:00:30 AM | Attr =	]
XoftSpySE 2.job -> %SystemRoot%\tasks\XoftSpySE 2.job ->  [Ver =  | Size = 448 bytes | Modified Date = 7/20/2008 11:49:10 PM | Attr =	]
XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job ->  [Ver =  | Size = 362 bytes | Modified Date = 7/19/2008 7:51:28 AM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs ->  [Folder | Modified Date = 7/20/2008 11:48:49 PM | Attr =	]
eHomeLog-0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-0.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/16/2008 9:26:27 AM | Attr =  H ]
eHomeLog-1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-1.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/16/2008 10:33:22 AM | Attr =  H ]
eHomeLog-10.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-10.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/17/2008 11:08:06 AM | Attr =  H ]
eHomeLog-11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-11.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/17/2008 12:29:44 PM | Attr =  H ]
eHomeLog-12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-12.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/17/2008 12:31:55 PM | Attr =  H ]
eHomeLog-13.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-13.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/17/2008 1:52:11 PM | Attr =  H ]
eHomeLog-14.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-14.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/17/2008 2:36:44 PM | Attr =  H ]
eHomeLog-15.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-15.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/17/2008 8:26:55 PM | Attr =  H ]
eHomeLog-16.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-16.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/17/2008 8:57:11 PM | Attr =  H ]
eHomeLog-17.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-17.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/17/2008 9:25:36 PM | Attr =  H ]
eHomeLog-18.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-18.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/17/2008 9:36:05 PM | Attr =  H ]
eHomeLog-19.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-19.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/17/2008 9:54:51 PM | Attr =  H ]
eHomeLog-2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-2.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/16/2008 10:41:39 AM | Attr =  H ]
eHomeLog-20.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-20.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/17/2008 10:09:08 PM | Attr =  H ]
eHomeLog-21.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-21.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/17/2008 10:26:19 PM | Attr =  H ]
eHomeLog-22.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-22.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/18/2008 12:01:35 AM | Attr =  H ]
eHomeLog-23.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-23.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/18/2008 10:25:03 AM | Attr =  H ]
eHomeLog-24.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-24.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/18/2008 10:41:32 AM | Attr =  H ]
eHomeLog-25.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-25.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/18/2008 11:19:56 AM | Attr =  H ]
eHomeLog-26.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-26.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/18/2008 11:39:25 AM | Attr =  H ]
eHomeLog-27.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-27.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/18/2008 11:53:05 AM | Attr =  H ]
eHomeLog-28.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-28.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/18/2008 12:24:33 PM | Attr =  H ]
eHomeLog-29.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-29.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/18/2008 12:52:31 PM | Attr =  H ]
eHomeLog-3.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-3.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/16/2008 10:48:25 AM | Attr =  H ]
eHomeLog-30.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-30.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/18/2008 1:47:01 PM | Attr =  H ]
eHomeLog-31.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-31.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/18/2008 2:19:57 PM | Attr =  H ]
eHomeLog-32.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-32.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/18/2008 2:27:47 PM | Attr =  H ]
eHomeLog-33.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-33.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/18/2008 3:09:51 PM | Attr =  H ]
eHomeLog-34.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-34.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/18/2008 3:22:34 PM | Attr =  H ]
eHomeLog-35.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-35.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/18/2008 3:49:56 PM | Attr =  H ]
eHomeLog-36.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-36.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/19/2008 1:26:43 PM | Attr =  H ]
eHomeLog-37.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-37.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/19/2008 6:22:18 PM | Attr =  H ]
eHomeLog-38.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-38.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/20/2008 8:43:00 AM | Attr =  H ]
eHomeLog-39.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-39.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/20/2008 8:52:39 AM | Attr =  H ]
eHomeLog-4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-4.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/16/2008 1:59:42 PM | Attr =  H ]
eHomeLog-40.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-40.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/20/2008 9:15:59 AM | Attr =  H ]
eHomeLog-41.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-41.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/20/2008 10:12:28 PM | Attr =  H ]
eHomeLog-42.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-42.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/20/2008 11:32:40 PM | Attr =  H ]
eHomeLog-43.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-43.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/20/2008 11:42:12 PM | Attr =  H ]
eHomeLog-44.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-44.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/20/2008 11:49:08 PM | Attr =  H ]
eHomeLog-45.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-45.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/10/2008 9:13:54 AM | Attr =  H ]
eHomeLog-46.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-46.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/12/2008 9:06:21 PM | Attr =  H ]
eHomeLog-47.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-47.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/16/2008 9:18:28 AM | Attr =  H ]
eHomeLog-5.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-5.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/17/2008 7:55:57 AM | Attr =  H ]
eHomeLog-6.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-6.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/17/2008 9:41:44 AM | Attr =  H ]
eHomeLog-7.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-7.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/16/2008 2:58:53 PM | Attr =  H ]
eHomeLog-8.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-8.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/16/2008 3:15:17 PM | Attr =  H ]
eHomeLog-9.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-9.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 7/17/2008 5:38:43 AM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 12/20/2007 4:26:48 PM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11168 bytes | Modified Date = 12/20/2007 4:20:55 PM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works ->  [Folder | Modified Date = 12/20/2007 4:24:10 PM | Attr =	]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/21/2006 12:35:06 PM | Attr =	]
C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 7/21/2008 12:13:47 AM | Attr =	]
fsgk32.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 7/20/2008 11:56:17 PM | Attr =	]
fssm32.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 7/20/2008 11:56:17 PM | Attr =	]
C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 7/20/2008 11:56:17 PM | Attr =	]
fsgk32.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 7/20/2008 11:56:17 PM | Attr =	]
fssm32.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 7/20/2008 11:56:17 PM | Attr =	]
C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 7/21/2008 12:13:47 AM | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 7/20/2008 11:56:17 PM | Attr =	]
avpproxy.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 7/20/2008 11:56:17 PM | Attr =	]
daas_s.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 2/27/2008 3:59:28 PM | Attr =	]
fm4av.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 7/20/2008 11:56:17 PM | Attr =	]
fpinor.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 7/20/2008 11:56:17 PM | Attr =	]
fsbl.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 7/20/2008 11:56:17 PM | Attr =	]
fsbld.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 7/20/2008 11:55:51 PM | Attr =	]
fsecr32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 7/20/2008 11:56:17 PM | Attr =	]
fsmart.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 7/20/2008 11:56:09 PM | Attr =	]
fspe32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fssubmit.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 7/20/2008 11:55:56 PM | Attr =	]
fsup32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsupux32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsusscr.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14205 | Size = 888832 bytes | Modified Date = 7/20/2008 11:56:09 PM | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 7/20/2008 11:55:55 PM | Attr =	]
C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 7/20/2008 11:56:17 PM | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 7/20/2008 11:56:17 PM | Attr =	]
avpproxy.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 7/20/2008 11:56:17 PM | Attr =	]
fm4av.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 7/20/2008 11:56:17 PM | Attr =	]
fpinor.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 7/20/2008 11:56:17 PM | Attr =	]
fsbl.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 7/20/2008 11:56:17 PM | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 7/20/2008 11:56:17 PM | Attr =	]
C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsecr32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fspe32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsup32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsupux32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\mlcwin\ -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 7/20/2008 11:56:09 PM | Attr =	]
fsmart.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 7/20/2008 11:56:09 PM | Attr =	]
fsusscr.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14205 | Size = 888832 bytes | Modified Date = 7/20/2008 11:56:09 PM | Attr =	]
C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 7/20/2008 11:55:55 PM | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 7/20/2008 11:55:55 PM | Attr =	]
C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 7/20/2008 11:55:56 PM | Attr =	]
fssubmit.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 7/20/2008 11:55:56 PM | Attr =	]
C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_bl\ -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 7/20/2008 11:55:51 PM | Attr =	]
fsblu.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 7/20/2008 11:55:51 PM | Attr =	]
C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 7/21/2008 12:13:47 AM | Attr =	]
ext.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 7/20/2008 11:55:50 PM | Attr =	]
fsedb.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsedb.dat ->  [Ver =  | Size = 1019090 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsupdllb.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsupplgn.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsuptmpl.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
perf.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\perf.dat ->  [Ver =  | Size = 128 bytes | Modified Date = 7/21/2008 5:10:53 AM | Attr =	]
sae.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 7/20/2008 11:55:50 PM | Attr =	]
sai.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 7/20/2008 11:55:50 PM | Attr =	]
C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\avmisc\ -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 7/20/2008 11:55:50 PM | Attr =	]
ext.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\avmisc\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 7/20/2008 11:55:50 PM | Attr =	]
sae.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\avmisc\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 7/20/2008 11:55:50 PM | Attr =	]
sai.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\avmisc\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 7/20/2008 11:55:50 PM | Attr =	]
C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsedb.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsedb.dat ->  [Ver =  | Size = 1019090 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsupdllb.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsupplgn.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
fsuptmpl.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 7/21/2008 12:13:47 AM | Attr =	]
FS@av.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 7/20/2008 11:55:50 PM | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 7/20/2008 11:55:48 PM | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 7/20/2008 11:55:51 PM | Attr =	]
FS@corp.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 7/20/2008 11:56:17 PM | Attr =	]
FS@hydra.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
FS@mlc.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 7/20/2008 11:56:09 PM | Attr =	]
FS@ols.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 7/20/2008 11:55:56 PM | Attr =	]
FS@peg.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 7/20/2008 11:55:55 PM | Attr =	]
verdicts.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\verdicts.ini ->  [Ver =  | Size = 4181 bytes | Modified Date = 7/20/2008 11:55:49 PM | Attr =	]
C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\avmisc\ -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 7/20/2008 11:55:50 PM | Attr =	]
FS@av.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\avmisc\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 7/20/2008 11:55:50 PM | Attr =	]
C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\avpe\ -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\avpe ->  [Folder | Modified Date = 7/20/2008 11:55:49 PM | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\avpe\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 7/20/2008 11:55:48 PM | Attr =	]
verdicts.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\avpe\verdicts.ini ->  [Ver =  | Size = 4181 bytes | Modified Date = 7/20/2008 11:55:49 PM | Attr =	]
C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 7/20/2008 11:56:17 PM | Attr =	]
FS@corp.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 7/20/2008 11:56:17 PM | Attr =	]
C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
FS@hydra.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 7/20/2008 11:56:05 PM | Attr =	]
C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\mlcwin\ -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 7/20/2008 11:56:09 PM | Attr =	]
FS@mlc.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\mlcwin\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 7/20/2008 11:56:09 PM | Attr =	]
C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 7/20/2008 11:55:55 PM | Attr =	]
FS@peg.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 7/20/2008 11:55:55 PM | Attr =	]
C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 7/20/2008 11:55:56 PM | Attr =	]
FS@ols.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 7/20/2008 11:55:56 PM | Attr =	]
C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_bl\ -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 7/20/2008 11:55:51 PM | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_bl\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 7/20/2008 11:55:51 PM | Attr =	]
C:\WINDOWS\Temp\Cookies\ -> C:\WINDOWS\Temp\Cookies ->  [Folder | Modified Date = 4/7/2008 10:13:13 AM | Attr =   S]
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 7/20/2008 11:48:49 PM | Attr =	]
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ ->  [Folder | Modified Date = 7/20/2008 11:48:49 PM | Attr =   S]
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 32768 bytes | Modified Date = 7/20/2008 11:48:49 PM | Attr =	]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 7/20/2008 11:48:49 PM | Attr =   S]
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 49152 bytes | Modified Date = 7/20/2008 11:48:49 PM | Attr =	]
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ ->  [Folder | Modified Date = 7/20/2008 11:48:49 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 113 bytes | Modified Date = 7/20/2008 11:48:49 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 7/20/2008 11:48:49 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 7/20/2008 11:48:49 PM | Attr =  HS]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 7/18/2008 3:16:02 PM | Attr =	]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 7/18/2008 10:41:51 AM | Attr =	]
TiVo -> %AllUsersProfile%\Application Data\TiVo ->  [Folder | Modified Date = 7/11/2008 10:19:25 AM | Attr =	]
BitTorrent -> %AppData%\BitTorrent ->  [Folder | Modified Date = 7/15/2008 4:14:00 AM | Attr =	]
Simply Super Software -> %AppData%\Simply Super Software ->  [Folder | Modified Date = 7/17/2008 9:11:46 PM | Attr =	]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 7/17/2008 8:22:00 AM | Attr =	]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory ->  [Folder | Modified Date = 7/20/2008 11:50:08 PM | Attr =	]
CutePDF Writer -> %UserProfile%\Local Settings\Application Data\CutePDF Writer ->  [Folder | Modified Date = 6/26/2008 7:46:42 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 70144 bytes | Modified Date = 7/16/2008 7:55:50 AM | Attr =	]
TiVo Desktop -> %UserProfile%\Local Settings\Application Data\TiVo Desktop ->  [Folder | Modified Date = 7/18/2008 3:50:41 PM | Attr =	]
.DS_Store -> %AllUsersProfile%\Documents\.DS_Store ->  [Ver =  | Size = 43012 bytes | Modified Date = 7/15/2008 7:23:50 AM | Attr =  H ]
._Deja_Vu_R1_Custom-[cdcovers_cc]-cd1.jpg -> %AllUsersProfile%\Documents\._Deja_Vu_R1_Custom-[cdcovers_cc]-cd1.jpg ->  [Ver =  | Size = 4096 bytes | Modified Date = 7/15/2008 7:24:10 AM | Attr =  H ]
._Disclosure_R1-[cdcovers_cc]-cd1.jpg -> %AllUsersProfile%\Documents\._Disclosure_R1-[cdcovers_cc]-cd1.jpg ->  [Ver =  | Size = 4096 bytes | Modified Date = 7/15/2008 7:24:51 AM | Attr =  H ]
._Independence_Day-[cdcovers_cc]-cd1.jpg -> %AllUsersProfile%\Documents\._Independence_Day-[cdcovers_cc]-cd1.jpg ->  [Ver =  | Size = 4096 bytes | Modified Date = 7/15/2008 7:24:54 AM | Attr =  H ]
._Pink_Panther_A_Shot_In_The_Dark-[cdcovers_cc]-cd1.jpg -> %AllUsersProfile%\Documents\._Pink_Panther_A_Shot_In_The_Dark-[cdcovers_cc]-cd1.jpg ->  [Ver =  | Size = 4096 bytes | Modified Date = 7/15/2008 7:24:18 AM | Attr =  H ]
._The_Bounty_R1-[cdcovers_cc]-cd1.jpg -> %AllUsersProfile%\Documents\._The_Bounty_R1-[cdcovers_cc]-cd1.jpg ->  [Ver =  | Size = 4096 bytes | Modified Date = 7/15/2008 7:24:14 AM | Attr =  H ]
._The_Incredibles_Widescreen-[cdcovers_cc]-cd1.jpg -> %AllUsersProfile%\Documents\._The_Incredibles_Widescreen-[cdcovers_cc]-cd1.jpg ->  [Ver =  | Size = 4096 bytes | Modified Date = 7/15/2008 7:24:05 AM | Attr =  H ]
._The_Pink_Panther_2006-[cdcovers_cc]-cd1.jpg -> %AllUsersProfile%\Documents\._The_Pink_Panther_2006-[cdcovers_cc]-cd1.jpg ->  [Ver =  | Size = 4096 bytes | Modified Date = 7/15/2008 7:24:22 AM | Attr =  H ]
._The_Return_Of_The_Pink_Panther-[cdcovers_cc]-cd1.jpg -> %AllUsersProfile%\Documents\._The_Return_Of_The_Pink_Panther-[cdcovers_cc]-cd1.jpg ->  [Ver =  | Size = 4096 bytes | Modified Date = 7/15/2008 7:24:50 AM | Attr =  H ]
AOL Downloads -> %AllUsersProfile%\Documents\AOL Downloads ->  [Folder | Modified Date = 7/15/2008 7:23:51 AM | Attr =	]
dss.exe -> %AllUsersProfile%\Documents\dss.exe ->  [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 7/18/2008 3:52:39 PM | Attr =	]
HiJackThis.exe -> %AllUsersProfile%\Documents\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 7/18/2008 4:05:26 PM | Attr =	]
SHH_Logo.gif -> %AllUsersProfile%\Documents\SHH_Logo.gif ->  [Ver =  | Size = 1173 bytes | Modified Date = 6/26/2008 4:57:54 PM | Attr =	]
Thumbs.db -> %AllUsersProfile%\Documents\Thumbs.db ->  [Ver =  | Size = 1316780 bytes | Modified Date = 6/23/2008 11:04:28 AM | Attr =  HS]
@Alternate Data Stream - 0 bytes -> %AllUsersProfile%\Documents\Thumbs.db:encryptable
BitTorrent Downloads -> %UserProfile%\My Documents\BitTorrent Downloads ->  [Folder | Modified Date = 7/16/2008 9:52:18 AM | Attr =	]
dorcus.zdl -> %UserProfile%\My Documents\dorcus.zdl ->  [Ver =  | Size = 11173888 bytes | Modified Date = 6/27/2008 9:26:52 AM | Attr =	]
HPC Notes.wnt -> %UserProfile%\My Documents\HPC Notes.wnt ->  [Ver =  | Size = 662016 bytes | Modified Date = 7/14/2008 8:16:12 AM | Attr =	]
My Images -> %UserProfile%\My Documents\My Images ->  [Folder | Modified Date = 7/15/2008 5:02:10 PM | Attr =	]
My Lists.clf -> %UserProfile%\My Documents\My Lists.clf ->  [Ver =  | Size = 111104 bytes | Modified Date = 7/14/2008 8:17:20 AM | Attr =	]
My TiVo Recordings -> %UserProfile%\My Documents\My TiVo Recordings ->  [Folder | Modified Date = 7/15/2008 5:26:29 PM | Attr = R S]
My Videos -> %UserProfile%\My Documents\My Videos ->  [Folder | Modified Date = 7/16/2008 7:21:33 AM | Attr = R  ]
My Wallet.wlt -> %UserProfile%\My Documents\My Wallet.wlt ->  [Ver =  | Size = 19456 bytes | Modified Date = 7/14/2008 8:17:11 AM | Attr =	]
SpyHunter.lnk -> %AllUsersProfile%\Desktop\SpyHunter.lnk ->  [Ver =  | Size = 934 bytes | Modified Date = 7/18/2008 11:06:27 AM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 7/20/2008 10:16:51 PM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 724952 bytes | Modified Date = 7/20/2008 11:33:13 PM | Attr =	]
csstooltips.zip -> %UserProfile%\Desktop\csstooltips.zip ->  [Ver =  | Size = 3444 bytes | Modified Date = 7/3/2008 6:40:00 AM | Attr =	]
Dreamweaver CS3 (The Missing Manual Series).lnk -> %UserProfile%\Desktop\Dreamweaver CS3 (The Missing Manual Series).lnk ->  [Ver =  | Size = 1171 bytes | Modified Date = 6/26/2008 7:50:25 PM | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Modified Date = 7/21/2008 5:22:10 AM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 568477 bytes | Modified Date = 7/20/2008 10:18:17 PM | Attr =	]
SUPERAntiSpyware.lnk -> %UserProfile%\Desktop\SUPERAntiSpyware.lnk ->  [Ver =  | Size = 737 bytes | Modified Date = 7/17/2008 8:24:52 AM | Attr =	]

< End of report >


#9 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 21 July 2008 - 08:00 AM

Hi mcanada. Everything looks good. Go ahead and run the system normally for a couple of days and then get back with me and let me know if there are any continuing issues. If everything is Ok at that time, then we have some final cleanup to do and you'll be good to go.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#10 mcanada

mcanada
  • Topic Starter

  • Members
  • 8 posts

Posted 21 July 2008 - 08:21 AM

Yes, the system is acting very nicely now - no errors, system is responsive, and no pop-ups and runaway tasks. I will run over the next few days then post a response back to this thread informing you how the system is running.

Many, Many thanks to you!
Best regards,
Mark

#11 mcanada

mcanada
  • Topic Starter

  • Members
  • 8 posts

Posted 23 July 2008 - 05:30 PM

OT

Just following up with you... My system has been running great. There have been no unexpected popups or runaway tasks. Also I have been running "Network Probe" so that I can see what is going on with my network and there have been no unusual requests going out.

Where do we go from here?

Best Regards,

Mark

#12 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 23 July 2008 - 05:44 PM

Glad to hear it mcanada. Now let's do some final cleanup to reset the System Restore points and remove all of the tools we used during the fix and then you are all set.

Step #1

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

Step #2

To remove all of the tools we used and the files and folders they created do the following:
  • Start OTScanIt
  • Click the CleanUp button
  • OTScanIt will download a small file from the Internet. If a security program or firewall warns you of this allow it to download.
  • OTScanIt will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
After that you are good to go.

Cheers and Happy Computing!

OT



