
The Red Circle White X Returns


9 replies to this topic

#1 Holy Moses


Posted 18 July 2008 - 10:53 PM

OK -- my old computer hit the skids, but before it did, I had the dreaded red circle/white X problem.

You guys fixed it. Here's the link. http://www.bleepingcomputer.com/forums/t/129285/red-circle-white-x-ultimate-defender/

My wife and I were looking for cars online, her computer shut down and rebooted. I thought "uh oh". Sure enough, now she's got the red circle / white X.

Let's do this again..... (sigh)

Log created by WinPatrol version 15.5.2008.0:15.5.2008.0
Scan saved at 10:49:16 PM, on  7/18/2008
Platform: Windows XP SP2 Home Edition Service Pack 2 (Build 2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\WINDOWS\SYSTEM32\aspimgr.exe
C:\WINDOWS\SYSTEM32\cisvc.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMntor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\WINDOWS\SYSTEM32\carpserv.exe
C:\PROGRAM FILES\SYNAPTICS\SynTP\SynTPLpr.exe
C:\PROGRAM FILES\SYNAPTICS\SynTP\SynTPEnh.exe
C:\PROGRAM FILES\ORiNOCO\COMBOCARD 11AG\Utility\orinoco.exe
C:\PROGRAM FILES\Java\JRE1.5.0_06\bin\jusched.exe
C:\PROGRAM FILES\QUICKTIME\qttask.exe
C:\PROGRAM FILES\iTunes\ITUNESHELPER.EXE
C:\PROGRAM FILES\COMMON FILES\Real\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\WINDOWS\SYSTEM32\PRISMSVR.exe
C:\PROGRAM FILES\MESSENGER\msmsgs.exe
C:\PROGRAM FILES\2WIRE 802.11G WIRELESS\PRISMCFG.exe
C:\PROGRAM FILES\HP\DIGITAL IMAGING\bin\hpqtra08.exe
C:\PROGRAM FILES\NETGEAR\WG111v2\WG111v2.exe
C:\PROGRAM FILES\3M\PSNLite\PsnLite.exe
C:\Program Files\3M\PSNLite\PSNGive.exe
C:\PROGRAM FILES\Citrix\ICA CLIENT\pnamain.exe
C:\PROGRAM FILES\iPod\bin\IPODSERVICE.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\bin\hpqste08.exe
C:\PROGRAM FILES\HP\DIGITAL IMAGING\bin\hpqbam08.exe
C:\PROGRAM FILES\HP\DIGITAL IMAGING\bin\hpqgpc01.exe
C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\iexplore.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://business.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://business.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
O1 - Hosts: 127.0.0.
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll
O4 - HKLM\..\Run: [IgfxTray]C:\WINDOWS\SYSTEM32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds]C:\WINDOWS\SYSTEM32\hkcmd.exe
O4 - HKLM\..\Run: [CARPService]carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr]C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh]C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [proxim_orinoco_11ag]C:\Program Files\ORiNOCO\ComboCard 11ag\Utility\orinoco.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched]C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp]C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]C:\Program Files\SymNetDrv\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task]C:\Program Files\QuickTime\qttask.exe -atboottime
O4 - HKLM\..\Run: [iTunesHelper]C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe]C:\Program Files\Common Files\Real\Update_OB\realsched.exe  -osboot
O4 - HKLM\..\Run: [AS00_Gear511]C:\Program Files\NETGEAR\WG511SCU\Utility.\Gear511.exe -hide
O4 - HKLM\..\Run: [HP Software Update]C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon]C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE]C:\WINDOWS\system32\PRISMSVR.EXE /APPLY
O4 - HKLM\..\Run: [braviax]braviax.exe
O4 - HKLM\..\Run: [WinPatrol]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [MSMSGS]C:\Program Files\Messenger\msmsgs.exe /background
O4 - Global Startup: 2Wire Wireless Client.lnk=C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk=C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk=C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk=C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk=C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Program Neighborhood Agent.lnk=C:\WINDOWS\Installer\{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
O4 - Global Startup: 2WireSetup.lnk=C:\Program Files\2Wire\WebWorks.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [Java (Sun)] Java (Sun) - C:\Program Files\Java\jre1.5.0_06\bin
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: DirectAnimation Java Classes (dajava) - file://C:\WINDOWS\Java\classes\dajava.cab
O16 - DPF: Microsoft XML Parser for Java (xmldso) - file://C:\WINDOWS\Java\classes\xmldso.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1083885642736
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\common\Yinsthelper20073151.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128023277506
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim) - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37857.795277) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37857.7952777778
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Plug-in) - http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O20 - AppInit_DLLs: cru629.dat

O23 - Service: Application Management -  - C:\WINDOWS\System32\appmgmts.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
O23 - Service: Human Interface Device Access -  - C:\WINDOWS\System32\hidserv.dll
O23 - Service: hpqcxs08 - Hewlett-Packard Co. - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
O23 - Service: HP CUE DeviceDiscovery Service - Hewlett-Packard Co. - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
O23 - Service: HP Network Devices Support - Hewlett-Packard Co. - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Net Driver HPZ12 - Hewlett-Packard - C:\WINDOWS\SYSTEM32\HPZinw12.dll
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Netgear Wireless Domain Login Service -  - C:\WINDOWS\system32\NWDLS.exe
O23 - Service: Pml Driver HPZ12 - Hewlett-Packard - C:\WINDOWS\SYSTEM32\HPZipm12.dll
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

---  Additional WinPatrol Info  ---
Default Browser: Internet Explorer - Internet Explorer version 6.00.2900.2180
MSIE: Internet Explorer (6.00.2900.2180)
3640 IE Cookies in Folder: C:\Documents and Settings\(USERNAME DELETED)\Cookies\

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP03 - Windows Automatic Update = 3:Download updates for me, but let me choose whether to install them.


WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP31 - Scheduled Tasks: [Norton AntiVirus - Scan my computer - (USERNAME DELETED).job]C:\Program Files\Norton AntiVirus\Navw32.exe 05/20/2005  8:00 PM
WP31 - Scheduled Tasks: [AppleSoftwareUpdate.job]C:\Program Files\Apple Software Update\SoftwareUpdate.exe Never

WP16 - ActiveX: {0006F033-0000-0000-C000-000000000046} [Microsoft Outlook] C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\ScrBlock.dll 11.0.2
WP16 - ActiveX: {0006F03A-0000-0000-C000-000000000046} [Microsoft Outlook] C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\ScrBlock.dll 11.0.2
WP16 - ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} [MetaStreamCtl Class] C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MEDIA PLAYER\AXMETASTREAM_0305000D.DLL 3, 5, 0, 13
WP16 - ActiveX: {05589FA1-C356-11CE-BF01-00AA0055595A} [ActiveMovieControl Object] C:\WINDOWS\SYSTEM32\wmpdxm.dll 10.00.00.3646
WP16 - ActiveX: {17492023-C23A-453E-A040-C7C580BBF700} [Windows Genuine Advantage Validation Tool] C:\WINDOWS\SYSTEM32\LEGITCHECKCONTROL.DLL 1.4.0410.0
WP16 - ActiveX: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [Windows Media Player] C:\WINDOWS\SYSTEM32\wmpdxm.dll 10.00.00.3646
WP16 - ActiveX: {25336920-03F9-11CF-8FD0-00AA00686F13} [HTML Document] C:\WINDOWS\SYSTEM32\mshtml.dll 6.00.2900.2722
WP16 - ActiveX: {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [DHTML Edit Control Safe for Scripting for IE5] C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\Triedit\dhtmled.ocx 6.01.9232
WP16 - ActiveX: {3050F819-98B5-11CF-BB82-00AA00BDCE0B} [HtmlDlgSafeHelper Class] C:\WINDOWS\SYSTEM32\mshtmled.dll 6.00.2900.2713
WP16 - ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} [Installation Support] C:\PROGRAM FILES\Yahoo!\common\YINSTHELPER20073151.DLL 1, 0, 0, 1
WP16 - ActiveX: {38481807-CA0E-42D2-BF39-B33AF135CC4D} [IETag Factory] C:\Program Files\Common Files\Microsoft Shared\Smart Tag\IETAG.DLL 10.0.2609
WP16 - ActiveX: {4063BE15-3B08-470D-A0D5-B37161CFFD69} [QuickTime Object] C:\PROGRAM FILES\QUICKTIME\QTPlugin.ocx QuickTime 7.1.6
WP16 - ActiveX: {406B5949-7190-4245-91A9-30A17DE16AD0} [Snapfish Activia] C:\WINDOWS\DOWNLOADED PROGRAM FILES\SNAPFISHACTIVIA1000.OCX 1, 0, 0, 10
WP16 - ActiveX: {4C39376E-FA9D-4349-BACC-D305C1750EF3} [EPUImageControl Class] C:\WINDOWS\DOWNLOADED PROGRAM FILES\EPUWALCONTROL.DLL 1, 0, 4, 0
WP16 - ActiveX: {55136805-B2DE-11D1-B9F2-00A0C98BC547} [Shell Name Space] C:\WINDOWS\SYSTEM32\shdocvw.dll 6.00.2900.2713
WP16 - ActiveX: {6414512B-B978-451D-A0D8-FCFDF33E833C} [WUWebControl Class] C:\WINDOWS\SYSTEM32\wuweb.dll 5.8.0.2469
WP16 - ActiveX: {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} [Microsoft Shell UI Helper] C:\WINDOWS\SYSTEM32\shdocvw.dll 6.00.2900.2713
WP16 - ActiveX: {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Windows Media Player] C:\WINDOWS\SYSTEM32\wmp.dll 10.00.00.3646
WP16 - ActiveX: {6E9EF3FE-BCA8-4F5C-AD81-3F4357205600} [LSControl Class] C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\LiveReg\LSCtrl.dll 3.0.0
WP16 - ActiveX: {72267F6A-A6F9-11D0-BC94-00C04FB67863} [Active Desktop Mover] C:\WINDOWS\SYSTEM32\shell32.dll 6.00.2900.2763
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\SYSTEM32\shdocvw.dll 6.00.2900.2713
WP16 - ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} [Yahoo! MailTo] C:\PROGRAM FILES\Yahoo!\common\YMMAPI.dll 1, 0, 0, 0
WP16 - ActiveX: {B45FF030-4447-11D2-85DE-00C04FA35C89} [SearchAssistantOC] C:\WINDOWS\SYSTEM32\shdocvw.dll 6.00.2900.2713
WP16 - ActiveX: {BD96C556-65A3-11D0-983A-00C04FC29E36} [RDS.DataSpace] C:\PROGRAM FILES\COMMON FILES\System\MSADC\msadco.dll 2.81.1117.0
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe Acrobat Control for ActiveX] C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\pdf.ocx 6.0.1.2003110300
WP16 - ActiveX: {CD3AFA76-B84F-48F0-9393-7EDC34128127} [AUDIO__MP3 Moniker Class] C:\WINDOWS\SYSTEM32\wmp.dll 10.00.00.3646
WP16 - ActiveX: {CD3AFA7B-B84F-48F0-9393-7EDC34128127} [AUDIO__WAV Moniker Class] C:\WINDOWS\SYSTEM32\wmp.dll 10.00.00.3646
WP16 - ActiveX: {CD3AFA94-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WMV Moniker Class] C:\WINDOWS\SYSTEM32\wmp.dll 10.00.00.3646
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\SYSTEM32\Macromed\Flash\Flash9e.ocx 9,0,115,0
WP16 - ActiveX: {0002E510-0000-0000-C000-000000000046} [Microsoft Office Spreadsheet 9.0] C:\Program Files\Microsoft Office\Office10\MSOWC.DLL 
WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\WINDOWS\SYSTEM32\wmpdxm.dll 10.00.00.3646
WP16 - ActiveX: {08B0e5c0-4FCB-11CF-AAA5-00401C608501} [Web Browser Applet Control] C:\WINDOWS\SYSTEM32\msjava.dll 5.00.3810
WP16 - ActiveX: {1D2B4F40-1F10-11D1-9E88-00C04FDCAB92} [ThumbCtl Class] C:\WINDOWS\SYSTEM32\webvw.dll 6.00.2900.2180
WP16 - ActiveX: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [Windows Media Player] C:\WINDOWS\SYSTEM32\wmpdxm.dll 10.00.00.3646
WP16 - ActiveX: {238f6f83-b8b4-11cf-8771-00a024541ee3} [Citrix ICA Client] C:\PROGRAM FILES\Citrix\ICA CLIENT\Wfica.ocx 10.200
WP16 - ActiveX: {52a2aaae-085d-4187-97ea-8c30db990436} [HHCtrl Object] C:\WINDOWS\SYSTEM32\hhctrl.ocx 5.2.3790.2453
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\SYSTEM32\shdocvw.dll 6.00.2900.2713
WP16 - ActiveX: {8BD21D50-EC42-11CE-9E0D-00AA006002F3} [Microsoft Forms 2.0 OptionButton] C:\WINDOWS\SYSTEM32\FM20.DLL 2.01
WP16 - ActiveX: {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Microsoft Scriptlet Component] C:\WINDOWS\SYSTEM32\mshtml.dll 6.00.2900.2722
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe Acrobat Control for ActiveX] C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\pdf.ocx 6.0.1.2003110300
WP16 - ActiveX: {CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [RealPlayer G2 Control] C:\WINDOWS\SYSTEM32\rmoc3260.dll 6.0.9.2886
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\SYSTEM32\Macromed\Flash\Flash9e.ocx 9,0,115,0
WP16 - ActiveX: {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} [WebViewFolderIcon Class] C:\WINDOWS\SYSTEM32\webvw.dll 6.00.2900.2180

WP32 - Hidden File: C:\BOOT.INI
WP32 - Hidden File: C:\BOOTSECT.DOS
WP32 - Hidden File: C:\DELL.SDR
WP32 - Hidden File: C:\hiberfil.sys
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\NTLDR
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\WINNT.BMP
WP32 - Hidden File: C:\WINDOWS\WINNT256.BMP
WP32 - Hidden File: C:\WINDOWS\SYSTEM32\cdplayer.exe.manifest
WP32 - Hidden File: C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
WP32 - Hidden File: C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
WP32 - Hidden File: C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
WP32 - Hidden File: C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
WP32 - Hidden File: C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
WP32 - Hidden File: C:\WINDOWS\SYSTEM32\CONFIG\TempKey.LOG
WP32 - Hidden File: C:\WINDOWS\SYSTEM32\CONFIG\USERDIFF.LOG
WP32 - Hidden File: C:\WINDOWS\SYSTEM32\logonui.exe.manifest
WP32 - Hidden File: C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\SYSTEM32\nwc.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\SYSTEM32\Restore\filelist.xml
WP32 - Hidden File: C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\SYSTEM32\WindowsLogon.manifest
WP32 - Hidden File: C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
WP32 - Hidden File: C:\Documents and Settings\(USERNAME DELETED)\Local Settings\Temp\msn200.fdr
WP32 - Hidden File: C:\Documents and Settings\(USERNAME DELETED)\Local Settings\Temp\msn280.fdr
WP32 - Hidden File: C:\Documents and Settings\(USERNAME DELETED)\Local Settings\Temp\msn2936.fdr
WP32 - Hidden File: C:\Documents and Settings\(USERNAME DELETED)\Local Settings\Temp\msn3188.fdr
WP32 - Hidden File: C:\Documents and Settings\(USERNAME DELETED)\Local Settings\Temp\msn3480.fdr
WP32 - Hidden File: C:\Documents and Settings\(USERNAME DELETED)\Local Settings\Temp\msn396.fdr
WP32 - Hidden File: C:\Documents and Settings\(USERNAME DELETED)\Local Settings\Temp\msn420.fdr
WP32 - Hidden File: C:\Documents and Settings\(USERNAME DELETED)\Local Settings\Temp\msn520.fdr
WP32 - Hidden File: C:\Documents and Settings\(USERNAME DELETED)\Local Settings\Temp\msn540.fdr
WP32 - Hidden File: C:\Documents and Settings\(USERNAME DELETED)\Local Settings\Temp\msn680.fdr
WP32 - Hidden File: C:\Documents and Settings\(USERNAME DELETED)\Local Settings\Temp\msn768.fdr

WP33 - File Type .AVI: [Video Clip]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [MS-DOS Batch File]%1 %*
WP33 - File Type .CAB: [Cabinet File]C:\WINDOWS\Explorer.exe /idlist,%I,%L
WP33 - File Type .CAT: [Security Catalog]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows NT Command Script]%1 %*
WP33 - File Type .DOC: [Microsoft Word Document]C:\Program Files\Microsoft Office\Office10\WINWORD.EXE /n /dde
WP33 - File Type .EML: [Internet E-Mail Message]C:\Program Files\Outlook Express\msimn.exe /eml:%1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MSG: [Outlook Item]C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE /f %1
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files\Windows Media Player\wmplayer.exe  /Open %L
WP33 - File Type .MP3: [MPEG Layer 3 Audio]C:\Program Files\iTunes\iTunes.exe /open %L
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .RAM: [RealPlayer Presentation]C:\Program Files\Real\RealPlayer\RealPlay.exe %1
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Format]C:\Program Files\Microsoft Office\Office10\WINWORD.EXE /n /dde
WP33 - File Type .SCR: [Screen Saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Internet Shortcut]rundll32.exe shdocvw.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Microsoft Excel Worksheet]C:\Program Files\Microsoft Office\Office10\EXCEL.EXE /e

Memory currently in use: 73%
Physical Memory Free: 68,952 KB
Paging File Free: 410,400 KB
Virtual Memory Free: 2,048,360 KB


--
End of file
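
A triage pass over the O4 and O20 lines of a log like the one above, as an added example that is not part of the original post or of WinPatrol: it flags Run values that name a bare file with no directory, and every file listed in AppInit_DLLs. The heuristic, the function names and the trimmed sample are assumptions made for illustration.

```python
import ntpath
import re
from typing import List, NamedTuple

# Constructed sample: a few lines copied from the log above, trimmed for brevity.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds]C:\WINDOWS\SYSTEM32\hkcmd.exe
O4 - HKLM\..\Run: [CARPService]carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task]C:\Program Files\QuickTime\qttask.exe -atboottime
O4 - HKLM\..\Run: [braviax]braviax.exe
O4 - HKCU\..\Run: [MSMSGS]C:\Program Files\Messenger\msmsgs.exe /background
O4 - Global Startup: 2WireSetup.lnk=C:\Program Files\2Wire\WebWorks.exe
O20 - AppInit_DLLs: cru629.dat
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


class Finding(NamedTuple):
    section: str  # log section code, "O4" or "O20"
    name: str     # registry value name
    target: str   # file the entry points at
    reason: str


# "O4 - HKLM\..\Run: [ValueName]command line"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\](?P<cmd>.*)$"
)
# "O20 - AppInit_DLLs: value"
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<value>.*)$")
# Program image at the start of a command line; paths may contain spaces,
# so match up to the first executable extension instead of the first space.
IMAGE_RE = re.compile(
    r'^"?(?P<image>.+?\.(?:exe|com|bat|cmd|scr|dll))(?=["\s]|$)',
    re.IGNORECASE,
)


def image_path(cmd: str) -> str:
    """Return the program part of a Run command line, without arguments."""
    cmd = cmd.strip()
    m = IMAGE_RE.match(cmd)
    return m.group("image") if m else cmd.split(" ")[0]


def triage(log_text: str) -> List[Finding]:
    """Collect autostart entries worth a manual look (assumed heuristic)."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            image = image_path(m.group("cmd"))
            # No directory component: the file is located through the
            # search path instead of one fixed, reviewable location.
            if image and not ntpath.dirname(image):
                findings.append(Finding(
                    "O4", m.group("name"), image,
                    "Run value names a bare file with no directory"))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # Entries are separated by spaces or commas; each listed DLL is
            # loaded into every process that loads user32.dll.
            for dll in re.split(r"[,\s]+", m.group("value").strip()):
                if dll:
                    findings.append(Finding(
                        "O20", "AppInit_DLLs", dll,
                        "file is injected into user-mode processes at load"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.name:14} {f.target:14} {f.reason}")
```

The result is a review list: braviax and cru629.dat are the entries the fix later in this thread removes, while CARPService matches the same rule and is not among the items that fix removes.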




#2 OldTimer

    Malware Expert



Posted 20 July 2008 - 06:13 PM

Hello Holy Moses and welcome to BC. Let's see what we can find. Follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Copy/paste the text in the code box below into the Custom Scans editbox:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it again.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 Holy Moses


Posted 20 July 2008 - 08:33 PM

Okay, done

Attached Files



#4 OldTimer

    Malware Expert



Posted 20 July 2008 - 10:13 PM

Hi Holy Moses. Unless your logon name is USER NAME DELETED there's not a lot I can do with this log. The fix will not be able to remove some of the affected files because there is no such location on the hard drive. I either need the actual log without any edits in it or you'll just need to leave the system as is.

Cheers.

OT

#5 Holy Moses


Posted 21 July 2008 - 07:42 AM

It's not (of course), but I was going to replace instances of "USERNAME DELETED" with what it had been. But hey, since we're attaching files and not putting text in that comes up on teh google, I guess I can go ahead and attach the original.

Attached Files



#6 OldTimer

    Malware Expert



Posted 21 July 2008 - 08:13 AM

Hi Holy Moses. Ok, let's see what we can do. Follow the steps below in order:

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
Beep
Files to delete:
%systemroot%\braviax.exe
%systemroot%\cru629.dat
%systemroot%\system32\braviax.exe
%systemroot%\system32\cru629.dat
%systemroot%\system32\delself.bat
%systemroot%\system32\dllcache\beep.sys
%systemroot%\system32\drivers\beep.sys
%systemroot%\system32\winivstr.exe
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Driver Services - Non-Microsoft Only]
YY -> (Beep) Beep [Kernel | System | Running] -> %SystemRoot%\System32\drivers\BEEP.SYS
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> braviax -> %SystemRoot%\SYSTEM32\braviax.exe [braviax.exees%]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> cru629.dat.lnk -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe -> %ProgramFiles%\LimeWire\LimeWire 4.2.6\LimeWire.exe [C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe:*:Enabled:LimeWire]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\setup\HPZNUI01.EXE -> D:\setup\HPZNUI01.EXE [D:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\setup\HPONICIFS01.EXE -> D:\setup\HPONICIFS01.EXE [D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe]
[Files/Folders - Created Within 30 days]
NY -> beep.sys -> %SystemRoot%\System32\dllcache\beep.sys
NY -> braviax.exe -> %SystemRoot%\System32\braviax.exe
NY -> cru629.dat -> %SystemRoot%\System32\cru629.dat
NY -> delself.bat -> %SystemRoot%\System32\delself.bat
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> winivstr.exe -> %SystemRoot%\System32\winivstr.exe
NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> braviax.exe -> %SystemRoot%\braviax.exe
NY -> cru629.dat -> %SystemRoot%\cru629.dat
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> 3 C:\Documents and Settings\Saedra Pinkerton\Desktop\*.tmp files -> C:\Documents and Settings\Saedra Pinkerton\Desktop\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> beep.sys -> %SystemRoot%\System32\dllcache\beep.sys
NY -> BEEP.SYS -> %SystemRoot%\System32\drivers\BEEP.SYS
NY -> braviax.exe -> %SystemRoot%\System32\braviax.exe
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> cru629.dat -> %SystemRoot%\System32\cru629.dat
NY -> delself.bat -> %SystemRoot%\System32\delself.bat
NY -> winivstr.exe -> %SystemRoot%\System32\winivstr.exe
NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> braviax.exe -> %SystemRoot%\braviax.exe
NY -> cru629.dat -> %SystemRoot%\cru629.dat
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Extra Registry Entries]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\  -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\  -> 
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will pop up either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and Notepad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Now let's run an online virus scan. Both of these require Internet Explorer. Try F-Secure first. Sometimes it doesn't play nice with other system components so if it cannot complete then try the Kaspersky scan. You only need to complete one of the two.

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.
If the F-Secure scan did not work then try an online scan with Kaspersky WebScanner.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Step #4

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it and close Notepad (save changes if necessary).
  • Close OTScanIt and locate the OTScanIt.txt file in the folder where OTScanIt.exe is located.
  • Attach that file back here in your next reply.
Step #5

Copy/paste the following back here in your next reply:
  • The Avenger report (c:\Avenger.txt)
  • The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.)
  • The online virus scan report (whichever one you ran)
Attach the following back here in your next reply:
  • The new OTScanIt scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#7 Holy Moses

Posted 22 July 2008 - 08:21 AM

Avenger Report

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "Beep" deleted successfully.
File "C:\WINDOWS\braviax.exe" deleted successfully.
File "C:\WINDOWS\cru629.dat" deleted successfully.
File "C:\WINDOWS\system32\braviax.exe" deleted successfully.
File "C:\WINDOWS\system32\cru629.dat" deleted successfully.
File "C:\WINDOWS\system32\delself.bat" deleted successfully.
File "C:\WINDOWS\system32\dllcache\beep.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\beep.sys" deleted successfully.
File "C:\WINDOWS\system32\winivstr.exe" deleted successfully.
File "c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat" deleted successfully.
File "c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

OT Scan Fix It Log

OTScanIt logfile created on: 7/22/2008 8:15:37 AM
OTScanIt by OldTimer - Version 1.0.16.2	 Folder = C:\Documents and Settings\Saedra Pinkerton\Desktop\COMPUTER FIX-ITS\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
253.98 Mb Total Physical Memory | 29.24 Mb Available Physical Memory | 11.51% Memory free
625.00 Mb Paging File | 311.43 Mb Available in Paging File | 49.83% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.90 Gb Total Space | 15.83 Gb Free Space | 56.72% Space Free | Partition Type: NTFS
Drive D: | 302.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAEDRACOMPUTER
Current User Name: Saedra Pinkerton
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 12:41:02 PM | Attr =	]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.3.8 | Size = 165488 bytes | Modified Date = 12/13/2004 4:30:10 PM | Attr =	]
navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\navapsvc.exe -> Symantec Corporation [Ver = 11.0.2.4 | Size = 176768 bytes | Modified Date = 8/30/2004 7:34:20 PM | Attr =	]
npfmntor.exe -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMntor.exe -> Symantec Corporation [Ver = 11.0.2.4 | Size = 46208 bytes | Modified Date = 8/30/2004 7:34:42 PM | Attr =	]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date = 7/21/2004 5:24:04 PM | Attr =	]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 478 | Size = 819352 bytes | Modified Date = 1/25/2005 11:25:22 AM | Attr =	]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.0.3.8 | Size = 198256 bytes | Modified Date = 12/13/2004 4:30:04 PM | Attr =	]
hkcmd.exe -> %SystemRoot%\SYSTEM32\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2014 | Size = 114688 bytes | Modified Date = 1/6/2003 8:44:10 PM | Attr =	]
carpserv.exe -> %SystemRoot%\SYSTEM32\carpserv.exe -> Conexant Systems, Inc. [Ver = 6.00.09.00 | Size = 4608 bytes | Modified Date = 1/23/2003 3:06:04 PM | Attr =	]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.0.2 11Oct02 | Size = 126976 bytes | Modified Date = 10/11/2002 12:30:44 PM | Attr =	]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.0.2 11Oct02 | Size = 561152 bytes | Modified Date = 10/11/2002 12:29:46 PM | Attr =	]
orinoco.exe -> %ProgramFiles%\ORiNOCO\ComboCard 11ag\Utility\orinoco.exe -> Proxim Corporation [Ver = 2.3.0.75 | Size = 1728512 bytes | Modified Date = 3/28/2003 3:50:22 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 11/10/2005 2:03:52 PM | Attr =	]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.0.3.8 | Size = 58992 bytes | Modified Date = 12/13/2004 4:30:00 PM | Attr =	]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 9:41:54 AM | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.2.0.35 | Size = 257088 bytes | Modified Date = 6/1/2007 4:51:26 PM | Attr =	]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 11/12/2007 9:05:29 PM | Attr =	]
gear511.exe -> %ProgramFiles%\NETGEAR\WG511SCU\Utility\Gear511.exe ->   [Ver = 2, 64, 31, 3 | Size = 1540096 bytes | Modified Date = 2/1/2007 4:35:16 PM | Attr =	]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard [Ver = 100, 0, 1, 0 | Size = 49152 bytes | Modified Date = 10/14/2007 9:17:32 PM | Attr =	]
prismsvr.exe -> %SystemRoot%\SYSTEM32\PRISMSVR.exe -> Conexant Systems, Inc. [Ver = 1.01.16  | Size = 290905 bytes | Modified Date = 4/13/2004 7:45:30 PM | Attr =	]
winpatrol.exe -> %ProgramFiles%\BillP Studios\WinPatrol\WinPatrol.exe -> BillP Studios [Ver = 15, 5, 2008, 0 | Size = 333120 bytes | Modified Date = 7/4/2008 11:58:06 AM | Attr =	]
prismcfg.exe -> %ProgramFiles%\2Wire 802.11g Wireless\PRISMCFG.exe -> 2Wire Inc. [Ver = 1.01.17  | Size = 335979 bytes | Modified Date = 4/13/2004 8:47:56 PM | Attr =	]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 100.0.170.000 | Size = 214360 bytes | Modified Date = 10/14/2007 8:38:52 PM | Attr =	]
wg111v2.exe -> %ProgramFiles%\NETGEAR\WG111v2\WG111v2.exe ->  [Ver = 2, 0, 0, 0 | Size = 2297856 bytes | Modified Date = 5/17/2006 4:05:52 PM | Attr =	]
psnlite.exe -> %ProgramFiles%\3M\PSNLite\PsnLite.exe -> 3M [Ver = 3, 1, 1, 1073 | Size = 2080768 bytes | Modified Date = 10/15/2004 3:26:54 PM | Attr =	]
pnamain.exe -> %ProgramFiles%\Citrix\ICA Client\pnamain.exe -> Citrix Systems, Inc. [Ver = 10.200.2650 | Size = 565248 bytes | Modified Date = 2/7/2008 9:42:26 PM | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.2.0.35 | Size = 501312 bytes | Modified Date = 6/1/2007 4:51:22 PM | Attr =	]
hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Co. [Ver = 100.0.175.000 | Size = 184320 bytes | Modified Date = 10/19/2007 8:46:08 PM | Attr =	]
hpqbam08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqbam08.exe -> Hewlett-Packard Co. [Ver = 100.0.187.000 | Size = 610304 bytes | Modified Date = 11/2/2007 6:44:16 PM | Attr =	]
hpqgpc01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqgpc01.exe -> Hewlett-Packard [Ver = 100, 000, 028, 000 | Size = 262144 bytes | Modified Date = 11/2/2007 8:12:50 PM | Attr =	]
aupdate.exe -> %ProgramFiles%\Symantec\LiveUpdate\AUPDATE.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 149184 bytes | Modified Date = 2/23/2006 12:41:02 PM | Attr =	]
lucoms~1.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 12:41:02 PM | Attr =	]
lucallbackproxy.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuCallbackProxy.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 104128 bytes | Modified Date = 2/23/2006 12:41:02 PM | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\COMPUTER FIX-ITS\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr =	]
lucallbackproxy.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuCallbackProxy.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 104128 bytes | Modified Date = 2/23/2006 12:41:02 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 12:41:02 PM | Attr =	]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.0.3.8 | Size = 198256 bytes | Modified Date = 12/13/2004 4:30:04 PM | Attr =	]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver = 103.0.3.8 | Size = 79472 bytes | Modified Date = 12/13/2004 4:30:08 PM | Attr =	]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.3.8 | Size = 165488 bytes | Modified Date = 12/13/2004 4:30:10 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 1:56:50 AM | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.2.0.35 | Size = 501312 bytes | Modified Date = 6/1/2007 4:51:22 PM | Attr =	]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 12:41:02 PM | Attr =	]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\navapsvc.exe -> Symantec Corporation [Ver = 11.0.2.4 | Size = 176768 bytes | Modified Date = 8/30/2004 7:34:20 PM | Attr =	]
(NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMntor.exe -> Symantec Corporation [Ver = 11.0.2.4 | Size = 46208 bytes | Modified Date = 8/30/2004 7:34:42 PM | Attr =	]
(NWDLS) Netgear Wireless Domain Login Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\NWDLS.exe -> File not found
(SAVScan) SAVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\SAVScan.exe -> Symantec Corporation [Ver = 9.4.0.53 | Size = 197864 bytes | Modified Date = 7/23/2004 8:47:22 PM | Attr =	]
(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBServ.exe -> Symantec Corporation [Ver = 11.0.2.4 | Size = 66688 bytes | Modified Date = 8/30/2004 7:34:52 PM | Attr =	]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.4.3.11 | Size = 206048 bytes | Modified Date = 10/15/2004 5:24:42 PM | Attr =	]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date = 7/21/2004 5:24:04 PM | Attr =	]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 478 | Size = 819352 bytes | Modified Date = 1/25/2005 11:25:22 AM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AS00_Gear511 -> %ProgramFiles%\NETGEAR\WG511SCU\Utility\Gear511.exe [C:\Program Files\NETGEAR\WG511SCU\Utility.\Gear511.exe -hide] ->   [Ver = 2, 64, 31, 3 | Size = 1540096 bytes | Modified Date = 2/1/2007 4:35:16 PM | Attr =	]
CARPService -> %SystemRoot%\SYSTEM32\carpserv.exe [carpserv.exe] -> Conexant Systems, Inc. [Ver = 6.00.09.00 | Size = 4608 bytes | Modified Date = 1/23/2003 3:06:04 PM | Attr =	]
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 103.0.3.8 | Size = 58992 bytes | Modified Date = 12/13/2004 4:30:00 PM | Attr =	]
HotKeysCmds -> %SystemRoot%\SYSTEM32\hkcmd.exe [C:\WINDOWS\System32\hkcmd.exe] -> Intel Corporation [Ver = 3,0,0,2014 | Size = 114688 bytes | Modified Date = 1/6/2003 8:44:10 PM | Attr =	]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard [Ver = 100, 0, 1, 0 | Size = 49152 bytes | Modified Date = 10/14/2007 9:17:32 PM | Attr =	]
hpqSRMon -> %ProgramFiles%\HP\Digital Imaging\bin\HpqSRmon.exe [C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe] -> Hewlett-Packard [Ver = 10.0.0.202 | Size = 80896 bytes | Modified Date = 8/22/2007 4:31:16 PM | Attr =	]
IgfxTray -> %SystemRoot%\SYSTEM32\igfxtray.exe [C:\WINDOWS\System32\igfxtray.exe] -> Intel Corporation [Ver = 3,0,0,2014 | Size = 155648 bytes | Modified Date = 1/6/2003 8:56:16 PM | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.2.0.35 | Size = 257088 bytes | Modified Date = 6/1/2007 4:51:26 PM | Attr =	]
PRISMSVR.EXE -> %SystemRoot%\SYSTEM32\PRISMSVR.exe ["C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY] -> Conexant Systems, Inc. [Ver = 1.01.16  | Size = 290905 bytes | Modified Date = 4/13/2004 7:45:30 PM | Attr =	]
proxim_orinoco_11ag -> %ProgramFiles%\ORiNOCO\ComboCard 11ag\Utility\orinoco.exe [C:\Program Files\ORiNOCO\ComboCard 11ag\Utility\orinoco.exe] -> Proxim Corporation [Ver = 2.3.0.75 | Size = 1728512 bytes | Modified Date = 3/28/2003 3:50:22 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 9:41:54 AM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe [C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 11/10/2005 2:03:52 PM | Attr =	]
Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe [C:\PROGRA~1\SYMNET~1\SNDMon.exe] -> Symantec Corporation [Ver = 5.4.3.11 | Size = 95456 bytes | Modified Date = 1/25/2005 12:10:42 PM | Attr =	]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 7.0.2 11Oct02 | Size = 561152 bytes | Modified Date = 10/11/2002 12:29:46 PM | Attr =	]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe [C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] -> Synaptics, Inc. [Ver = 7.0.2 11Oct02 | Size = 126976 bytes | Modified Date = 10/11/2002 12:30:44 PM | Attr =	]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 11/12/2007 9:05:29 PM | Attr =	]
WinPatrol -> %ProgramFiles%\BillP Studios\WinPatrol\WinPatrol.exe [C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot] -> BillP Studios [Ver = 15, 5, 2008, 0 | Size = 333120 bytes | Modified Date = 7/4/2008 11:58:06 AM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\2Wire Wireless Client.lnk -> %ProgramFiles%\2Wire 802.11g Wireless\PRISMCFG.exe -> 2Wire Inc. [Ver = 1.01.17  | Size = 335979 bytes | Modified Date = 4/13/2004 8:47:56 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 100.0.170.000 | Size = 214360 bytes | Modified Date = 10/14/2007 8:38:52 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk -> %ProgramFiles%\NETGEAR\WG111v2\WG111v2.exe ->  [Ver = 2, 0, 0, 0 | Size = 2297856 bytes | Modified Date = 5/17/2006 4:05:52 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk -> %ProgramFiles%\3M\PSNLite\PsnLite.exe -> 3M [Ver = 3, 1, 1, 1073 | Size = 2080768 bytes | Modified Date = 10/15/2004 3:26:54 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk -> %SystemRoot%\Installer\{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ->  [Ver =  | Size = 61440 bytes | Modified Date = 4/27/2008 11:50:02 PM | Attr = R  ]
< Saedra Pinkerton Startup Folder > -> C:\Documents and Settings\Saedra Pinkerton\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\2WireSetup.lnk -> %ProgramFiles%\2Wire\WebWorks.exe ->  [Ver = 1, 0, 0, 1 | Size = 626688 bytes | Modified Date = 2/6/2007 2:32:33 AM | Attr =	]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
cru629.dat.lnk ->  -> File not found
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 1:56:50 AM | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\SYSTEM32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 1:56:58 AM | Attr =	]
C:\WINDOWS\system32\ntos.exe -> %SystemRoot%\system32\ntos.exe -> File not found
*MultiFile Done* -> -> 
*GinaDLL* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL -> 
RtlGina2.dll -> %SystemRoot%\SYSTEM32\RtlGina2.dll ->  [Ver =  | Size = 36864 bytes | Modified Date = 5/3/2006 5:44:32 PM | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\SYSTEM32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 1:56:52 AM | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\SYSTEM32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.2763 (xpsp_sp2_gdr.050922-1642) | Size = 8450560 bytes | Modified Date = 9/22/2005 10:05:29 PM | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\SYSTEM32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 1:56:58 AM | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\SYSTEM32\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,2014 | Size = 315392 bytes | Modified Date = 1/6/2003 8:43:20 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\SYSTEM32\DRIVERS\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/3/2004 11:59:54 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSAMSUNG_CD-ROM_SN-124___________________N102____\5&64a8682&0&0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 9/3/2002 8:59:58 AM | Attr =	]
AUTORUN.INF [[autorun] | open=setup.exe | icon=setup.exe |  | ] -> D:\AUTORUN.INF [ CDFS ] ->  [Ver =  | Size = 45 bytes | Modified Date = 2/6/2007 2:23:17 AM | Attr = R  ]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://business.dellnet.com/ -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://business.dellnet.com/ -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://dogpile.com -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com[yaho] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
  .[msn] -> My Computer -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton AntiVirus\NAVShExt.dll [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.2.4 | Size = 218240 bytes | Modified Date = 8/30/2004 7:34:34 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton AntiVirus\NAVShExt.dll [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.2.4 | Size = 218240 bytes | Modified Date = 8/30/2004 7:34:34 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 2:22:10 PM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 2:22:10 PM | Attr =	]
{94148DB5-B42D-4915-95DA-2CBB4F7095BF}:Exec -> %ProgramFiles%\UltimateBet\UltimateBet.exe [UltimateBet] -> UltimateBet [Ver = 2008, 1, 16, 1 | Size = 3667272 bytes | Modified Date = 1/16/2008 10:45:45 AM | Attr =	]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.2.3292 | Size = 61440 bytes | Modified Date = 8/1/2003 10:31:06 AM | Attr =	]
{DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [HP Smart Select] -> Hewlett-Packard Co. [Ver = 100.0.14173 | Size = 542016 bytes | Modified Date = 11/6/2007 1:50:44 AM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{94148DB5-B42D-4915-95DA-2CBB4F7095BF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\UltimateBet\UltimateBet.exe [UltimateBet] -> UltimateBet [Ver = 2008, 1, 16, 1 | Size = 3667272 bytes | Modified Date = 1/16/2008 10:45:45 AM | Attr =	]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.2.3292 | Size = 61440 bytes | Modified Date = 8/1/2003 10:31:06 AM | Attr =	]
CmdMapping\\{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [ClipBookBtn Class] -> Hewlett-Packard Co. [Ver = 100.0.14173 | Size = 542016 bytes | Modified Date = 11/6/2007 1:50:44 AM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{01F6F6E3-8B44-4E66-857E-ED04A6F9B363} ->	(Broadcom 440x 10/100 Integrated Controller) -> 
{131910E2-AB21-43BB-A0D7-90E0914A6055} ->	(PA090 USB ETHERNET 10/100 ) -> 
{42D3CA5C-D877-4E38-8DFF-3F5F340939E8} ->	(U.S. Robotics 22Mbps Wireless Cardbus Adapter) -> 
{69CB8E28-666D-4DC8-9AF2-4C0934E1129A} ->	(2Wire 802.11g Cardbus Wireless LAN Card) -> 
{A00ECB34-6736-4877-B50C-003FB11783A0} ->	(ORiNOCO 802.11ag ComboCard Gold) -> 
{A85B6861-0FF9-46B2-9107-A3334C84DDEA} ->	() -> 
{EC1F1B18-8935-42D0-8BFB-74661125F491} ->	(NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BCC737-B171-4746-94C9-0D8A0B2C0089}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/templates/ieawsdc.cab[Microsoft Office Template and Media Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=48835[Windows Genuine Advantage Validation Tool] -> 
{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1083885642736[MSSecurityAdvisor Class] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll[Installation Support] -> 
{406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://www.snapfish.com/SnapfishActivia.cab[Snapfish Activia] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128023277506[WUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37857.7952777778[Reg Error: Key does not exist or could not be opened.] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_06] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> 
{E855A2D4-987E-4F3B-A51C-64D10A7E2479}[HKEY_LOCAL_MACHINE] -> http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab[EPSImageControl Class] -> 
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/EPScontrol.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/EPScontrol.dll\\.Owner -> {E855A2D4-987E-4F3B-A51C-64D10A7E2479} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/EPScontrol.dll\\{E855A2D4-987E-4F3B-A51C-64D10A7E2479} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\\.Owner -> {02BCC737-B171-4746-94C9-0D8A0B2C0089} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\\{02BCC737-B171-4746-94C9-0D8A0B2C0089} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\.Owner -> {406B5949-7190-4245-91A9-30A17DE16AD0} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\{406B5949-7190-4245-91A9-30A17DE16AD0} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuctl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuctl.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuctl.dll\\{9F1C11AA-197B-4942-BA54-47A8489BB47F} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuengine.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuengine.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuengine.dll\\{9F1C11AA-197B-4942-BA54-47A8489BB47F} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mssecadv.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mssecadv.dll\\.Owner -> {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mssecadv.dll\\{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\.Owner -> {6414512B-B978-451D-A0D8-FCFDF33E833C} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\WUServer -> http://sus.smu.edu -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\WUStatusServer -> http://sus.smu.edu -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\RescheduleWaitTime -> 5 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\NoAutoRebootWithLoggedOnUsers -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\NoAutoUpdate -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\AUOptions -> 4 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\ScheduledInstallDay -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\ScheduledInstallTime -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\UseWUServer -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr =	]
msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr =	]
schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/4/2004 1:56:46 AM | Attr =	]
wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 1:56:48 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 704 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\SYSTEM32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 1:56:46 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 1:56:46 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 9F 19 12 5C 0D EF F6 55 D1 BD 71 A0 BE 13 3C C1 31 31 66 34 37 31 33 36 00 00 00 00 01 00 00 00 B4 01 00 00 B8 01 00 00 34 CA 06 00 45 9D BF 71 04 00 00 00 10 00 00 00 00 00 00 00 43 A4 16 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 0B 8E C9 5B 11 7B 2F E8 82  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 8E 00 CF 0C 0A 1F  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 9E A4 E4 8B 33 2B DD 42 D1 BE BF 95 78 AE DA 0F  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 80 B1 28 D5 1A 32 C5 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 9E B7 33 F0 79 C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 9E B7 33 F0 79 C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 9E B7 33 F0 79 C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 1:56:58 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 66946 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 1:56:58 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\PROGRA~1\ExamSoft\SofTest\SoftLnch.exe -> %ProgramFiles%\ExamSoft\SofTest\SoftLnch.exe [C:\PROGRA~1\ExamSoft\SofTest\SoftLnch.exe:*:Enabled:SofLaunch] -> Rattet & Associates, Inc. [Ver = 8.00.0085 | Size = 393216 bytes | Modified Date = 4/5/2006 8:44:08 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\PROGRA~1\ExamSoft\SofTest\softest.exe -> %ProgramFiles%\ExamSoft\SofTest\SofTest.exe [C:\PROGRA~1\ExamSoft\SofTest\SofTest.exe:*:Enabled:SofTest] -> Developed by Rattet & Associates, Inc. [Ver = 8.00.0317 | Size = 2236416 bytes | Modified Date = 5/23/2006 1:58:20 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 1:56:58 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.2.0.35 | Size = 14778432 bytes | Modified Date = 6/1/2007 4:51:24 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> Hewlett-Packard Co. [Ver = 100.0.170.000 | Size = 214360 bytes | Modified Date = 10/14/2007 8:38:52 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> Hewlett-Packard Co. [Ver = 100.0.175.000 | Size = 184320 bytes | Modified Date = 10/19/2007 8:46:08 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> Hewlett-Packard Co. [Ver = 100.0.187.000 | Size = 283992 bytes | Modified Date = 11/2/2007 6:44:16 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> Hewlett-Packard Co. [Ver = 100.0.187.000 | Size = 53248 bytes | Modified Date = 11/2/2007 6:44:16 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposid01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> Hewlett-Packard Co. [Ver = 100.0.196.000 | Size = 107864 bytes | Modified Date = 11/16/2007 4:27:36 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> Hewlett-Packard [Ver = 010.000.000.573 | Size = 147456 bytes | Modified Date = 10/31/2007 3:45:22 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> Hewlett-Packard Co. [Ver = 100.0.187.000 | Size = 566616 bytes | Modified Date = 11/2/2007 6:44:16 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> Hewlett-Packard Co. [Ver = 100.0.196.000 | Size = 75096 bytes | Modified Date = 11/16/2007 4:27:36 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{01F6F6E3-8B44-4E66-857E-ED04A6F9B363} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{42D3CA5C-D877-4E38-8DFF-3F5F340939E8} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{DC4A6B68-A86C-4CED-8B16-941EAD0D89E2} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{131910E2-AB21-43BB-A0D7-90E0914A6055} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{A00ECB34-6736-4877-B50C-003FB11783A0} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{A2BAC751-E3F9-40BB-A3F7-870EB2248D37} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\SYSTEM32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 1:56:58 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\SYSTEM32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 1:56:48 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 7/21/2008 8:22:01 PM | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 7/6/2008 3:38:43 PM | Attr =  H ]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Created Date = 7/21/2008 8:52:18 PM | Attr =	]
HPZid412.sys -> %SystemRoot%\System32\drivers\HPZid412.sys -> HP [Ver = 10, 1, 0, 3 | Size = 49920 bytes | Created Date = 7/6/2008 3:58:10 PM | Attr = R  ]
HPZipr12.sys -> %SystemRoot%\System32\drivers\HPZipr12.sys -> HP [Ver = 10, 1, 0, 3 | Size = 16496 bytes | Created Date = 7/6/2008 3:58:18 PM | Attr = R  ]
HPZius12.sys -> %SystemRoot%\System32\drivers\HPZius12.sys -> HP [Ver = 10, 1, 0, 3 | Size = 21568 bytes | Created Date = 7/6/2008 3:55:22 PM | Attr = R  ]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Created Date = 7/6/2008 3:40:32 PM | Attr =	]
hpovst11.dll -> %SystemRoot%\System32\hpovst11.dll -> Hewlett-Packard Co. [Ver = 82.0.168.000 | Size = 294912 bytes | Created Date = 7/6/2008 3:54:47 PM | Attr = R  ]
hppldcoi.dll -> %SystemRoot%\System32\hppldcoi.dll -> Hewlett-Packard [Ver = 2, 1, 1, 51 | Size = 364544 bytes | Created Date = 7/6/2008 3:54:47 PM | Attr = R  ]
hpwtiop3.dll -> %SystemRoot%\System32\hpwtiop3.dll -> Hewlett-Packard Co. [Ver = 110.0.62.000 | Size = 970752 bytes | Created Date = 7/6/2008 3:54:47 PM | Attr = R  ]
hpwwiax3.dll -> %SystemRoot%\System32\hpwwiax3.dll -> Hewlett-Packard [Ver = 6.0.0.0 | Size = 729088 bytes | Created Date = 7/6/2008 3:54:47 PM | Attr = R  ]
hpz3l5ha.dll -> %SystemRoot%\System32\hpz3l5ha.dll -> Hewlett-Packard Company [Ver = 61.071.244.00 | Size = 118272 bytes | Created Date = 7/6/2008 3:55:38 PM | Attr =	]
hpzids01.dll -> %SystemRoot%\System32\hpzids01.dll -> Hewlett-Packard [Ver = 10,0,0,76 | Size = 271704 bytes | Created Date = 7/6/2008 3:55:37 PM | Attr = R  ]
braveheart -> %SystemRoot%\braveheart ->  [Folder | Created Date = 7/6/2008 3:40:23 PM | Attr =	]
hpwins14.dat -> %SystemRoot%\hpwins14.dat ->  [Ver =  | Size = 180077 bytes | Created Date = 7/6/2008 3:37:17 PM | Attr =	]
hpwmdl14.dat -> %SystemRoot%\hpwmdl14.dat ->  [Ver =  | Size = 1108 bytes | Created Date = 7/6/2008 3:37:17 PM | Attr = R  ]
hpwscr14.dat -> %SystemRoot%\hpwscr14.dat ->  [Ver =  | Size = 12998 bytes | Created Date = 7/6/2008 3:40:25 PM | Attr = R  ]
hpzmsi01.exe -> %SystemRoot%\hpzmsi01.exe -> Hewlett-Packard [Ver = 10,0,0,76 | Size = 1140056 bytes | Created Date = 7/6/2008 3:40:25 PM | Attr = R  ]
hpzshl01.exe -> %SystemRoot%\hpzshl01.exe -> Hewlett-Packard [Ver = 10,0,0,76 | Size = 1373528 bytes | Created Date = 7/6/2008 3:40:26 PM | Attr = R  ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Hewlett-Packard -> %AllUsersProfile%\Application Data\Hewlett-Packard ->  [Folder | Created Date = 7/6/2008 3:57:47 PM | Attr =	]
HP -> %AllUsersProfile%\Application Data\HP ->  [Folder | Created Date = 7/6/2008 3:44:25 PM | Attr =	]
HP Product Assistant -> %AllUsersProfile%\Application Data\HP Product Assistant ->  [Folder | Created Date = 7/6/2008 3:45:46 PM | Attr =	]
HP -> %AppData%\HP ->  [Folder | Created Date = 7/6/2008 4:14:02 PM | Attr =	]
HPAppData -> %AppData%\HPAppData ->  [Folder | Created Date = 7/6/2008 4:20:05 PM | Attr =	]
WinPatrol -> %AppData%\WinPatrol ->  [Folder | Created Date = 7/18/2008 10:48:25 PM | Attr =	]
HP -> %UserProfile%\Local Settings\Application Data\HP ->  [Folder | Created Date = 7/6/2008 4:10:58 PM | Attr =	]
insurance letter.doc -> %UserProfile%\My Documents\insurance letter.doc ->  [Ver =  | Size = 22016 bytes | Created Date = 7/15/2008 7:43:39 PM | Attr =	]
My Scans -> %UserProfile%\My Documents\My Scans ->  [Folder | Created Date = 7/6/2008 4:34:32 PM | Attr =	]
~$surance letter.doc -> %UserProfile%\My Documents\~$surance letter.doc ->  [Ver =  | Size = 162 bytes | Created Date = 7/15/2008 7:43:40 PM | Attr =  H ]
HP Photosmart Essential 2.5.lnk -> %AllUsersProfile%\Desktop\HP Photosmart Essential 2.5.lnk ->  [Ver =  | Size = 1858 bytes | Created Date = 7/6/2008 3:49:46 PM | Attr =	]
HP Solution Center.lnk -> %AllUsersProfile%\Desktop\HP Solution Center.lnk ->  [Ver =  | Size = 984 bytes | Created Date = 7/6/2008 3:46:19 PM | Attr =	]
Saedra.lnk -> %AllUsersProfile%\Desktop\Saedra.lnk ->  [Ver =  | Size = 572 bytes | Created Date = 7/9/2008 8:09:14 PM | Attr =	]
Shop for HP Supplies.lnk -> %AllUsersProfile%\Desktop\Shop for HP Supplies.lnk ->  [Ver =  | Size = 1960 bytes | Created Date = 7/6/2008 3:48:20 PM | Attr =	]
bedskirt blue and yellow toile.jpg -> %UserProfile%\Desktop\bedskirt blue and yellow toile.jpg ->  [Ver =  | Size = 16436 bytes | Created Date = 6/30/2008 9:30:16 PM | Attr =	]
COMPUTER FIX-ITS -> %UserProfile%\Desktop\COMPUTER FIX-ITS ->  [Folder | Created Date = 7/18/2008 10:54:52 PM | Attr =	]
standard for 6-23-08.indd -> %UserProfile%\Desktop\standard for 6-23-08.indd ->  [Ver =  | Size = 3997696 bytes | Created Date = 6/29/2008 9:08:11 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\standard for 6-23-08.indd:Zone.Identifier
HP Digital Imaging Monitor.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ->  [Ver =  | Size = 1808 bytes | Created Date = 7/6/2008 3:44:43 PM | Attr =	]
2WireSetup.lnk -> %UserProfile%\Start Menu\Programs\Startup\2WireSetup.lnk ->  [Ver =  | Size = 675 bytes | Created Date = 7/13/2008 6:41:19 PM | Attr =	]
Hewlett-Packard -> %CommonProgramFiles%\Hewlett-Packard ->  [Folder | Created Date = 7/6/2008 3:42:20 PM | Attr =	]
HP -> %CommonProgramFiles%\HP ->  [Folder | Created Date = 7/6/2008 3:42:26 PM | Attr =	]
BillP Studios -> %ProgramFiles%\BillP Studios ->  [Folder | Created Date = 7/18/2008 10:47:52 PM | Attr =	]
Hewlett-Packard -> %ProgramFiles%\Hewlett-Packard ->  [Folder | Created Date = 7/6/2008 3:42:18 PM | Attr =	]
HP -> %ProgramFiles%\HP ->  [Folder | Created Date = 7/6/2008 3:39:52 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 7/21/2008 8:23:36 PM | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 7/12/2008 10:44:18 AM | Attr =  H ]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Modified Date = 7/21/2008 8:52:18 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 266391552 bytes | Modified Date = 7/22/2008 8:09:30 AM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 7/22/2008 8:09:52 AM | Attr = R  ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 7/22/2008 8:09:57 AM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 7/21/2008 8:51:44 PM | Attr =	]
DLLCACHE -> %SystemRoot%\System32\DLLCACHE ->  [Folder | Modified Date = 7/21/2008 8:22:02 PM | Attr = RHS]
DRIVERS -> %SystemRoot%\System32\DRIVERS ->  [Folder | Modified Date = 7/21/2008 8:22:02 PM | Attr =	]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Modified Date = 7/6/2008 3:40:59 PM | Attr =	]
WPA.DBL -> %SystemRoot%\System32\WPA.DBL ->  [Ver =  | Size = 1170 bytes | Modified Date = 7/8/2008 6:56:47 PM | Attr =	]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT ->  [Ver =  | Size = 2048 bytes | Modified Date = 7/22/2008 8:09:31 AM | Attr =   S]
braveheart -> %SystemRoot%\braveheart ->  [Folder | Modified Date = 7/6/2008 3:40:26 PM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 7/21/2008 8:58:38 PM | Attr =   S]
hpwins14.dat -> %SystemRoot%\hpwins14.dat ->  [Ver =  | Size = 180077 bytes | Modified Date = 7/12/2008 5:55:06 PM | Attr =	]
INF -> %SystemRoot%\INF ->  [Folder | Modified Date = 7/6/2008 3:54:38 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 7/12/2008 10:44:20 AM | Attr =  HS]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 7/22/2008 8:03:49 AM | Attr =	]
SYSTEM32 -> %SystemRoot%\SYSTEM32 ->  [Folder | Modified Date = 7/22/2008 7:29:17 AM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 7/22/2008 8:12:12 AM | Attr =	]
TWAIN_32 -> %SystemRoot%\TWAIN_32 ->  [Folder | Modified Date = 7/12/2008 10:40:45 AM | Attr =	]
WIN.INI -> %SystemRoot%\WIN.INI ->  [Ver =  | Size = 618 bytes | Modified Date = 7/12/2008 10:44:29 AM | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 7/6/2008 3:44:56 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 7/22/2008 8:09:33 AM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 7/21/2008 8:22:43 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 7/21/2008 8:43:46 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 7/21/2008 8:43:46 PM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data ->  [Folder | Modified Date = 7/28/2003 4:59:49 PM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 3804 bytes | Modified Date = 2/16/2006 1:13:31 PM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data ->  [Folder | Modified Date = 6/21/2005 8:15:08 PM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data\data.dat ->  [Ver =  | Size = 11860 bytes | Modified Date = 6/21/2005 8:15:27 PM | Attr =	]
C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 7/21/2008 9:23:03 PM | Attr =	]
fsgk32.exe -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 7/21/2008 8:57:27 PM | Attr =	]
fssm32.exe -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 7/21/2008 8:57:27 PM | Attr =	]
C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 7/21/2008 8:57:27 PM | Attr =	]
fsgk32.exe -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 7/21/2008 8:57:27 PM | Attr =	]
fssm32.exe -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 7/21/2008 8:57:27 PM | Attr =	]
C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 7/21/2008 9:23:03 PM | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 7/21/2008 8:57:27 PM | Attr =	]
avpproxy.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 7/21/2008 8:57:27 PM | Attr =	]
daas_s.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 2/27/2008 3:59:28 PM | Attr =	]
fm4av.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 7/21/2008 8:57:27 PM | Attr =	]
fpinor.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 7/21/2008 8:57:27 PM | Attr =	]
fsbl.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 7/21/2008 8:57:27 PM | Attr =	]
fsbld.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 7/21/2008 8:56:49 PM | Attr =	]
fsecr32.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 7/21/2008 8:57:16 PM | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 7/21/2008 8:57:27 PM | Attr =	]
fsmart.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 7/21/2008 8:57:20 PM | Attr =	]
fspe32.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 7/21/2008 8:57:16 PM | Attr =	]
fssubmit.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 7/21/2008 8:57:03 PM | Attr =	]
fsup32.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 7/21/2008 8:57:16 PM | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 7/21/2008 8:57:16 PM | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 7/21/2008 8:57:16 PM | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 7/21/2008 8:57:16 PM | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 7/21/2008 8:57:16 PM | Attr =	]
fsupux32.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 7/21/2008 8:57:16 PM | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 7/21/2008 8:57:16 PM | Attr =	]
fsusscr.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14205 | Size = 888832 bytes | Modified Date = 7/21/2008 8:57:20 PM | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 7/21/2008 8:57:00 PM | Attr =	]
C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 7/21/2008 8:57:27 PM | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 7/21/2008 8:57:27 PM | Attr =	]
avpproxy.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 7/21/2008 8:57:27 PM | Attr =	]
fm4av.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 7/21/2008 8:57:27 PM | Attr =	]
fpinor.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 7/21/2008 8:57:27 PM | Attr =	]
fsbl.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 7/21/2008 8:57:27 PM | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 7/21/2008 8:57:27 PM | Attr =	]
C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 7/21/2008 8:57:16 PM | Attr =	]
fsecr32.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 7/21/2008 8:57:16 PM | Attr =	]
fspe32.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 7/21/2008 8:57:16 PM | Attr =	]
fsup32.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 7/21/2008 8:57:16 PM | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 7/21/2008 8:57:16 PM | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 7/21/2008 8:57:16 PM | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 7/21/2008 8:57:16 PM | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 7/21/2008 8:57:16 PM | Attr =	]
fsupux32.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 7/21/2008 8:57:16 PM | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 7/21/2008 8:57:16 PM | Attr =	]
C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\mlcwin\ -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 7/21/2008 8:57:20 PM | Attr =	]
fsmart.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 7/21/2008 8:57:20 PM | Attr =	]
fsusscr.dll -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14205 | Size = 888832 bytes | Modified Date = 7/21/2008 8:57:20 PM | Attr =	]
C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Documents and Settings\Saedra Pinkerton\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 7/21/2008 8:57:00 PM | Attr =	]

< End of report >


F Secure Report (which found 13 viruses -- wowsers)

F-Secure Online Scanner 3.3.1 - Scanning Report - Tuesday, July 22, 2008 07:32:18
Scanning Report
Monday, July 21, 2008 20:58:49 - 07:30:23
Computer name: SAEDRACOMPUTER 
Scanning type: Scan system for malware, rootkits 
Target: C:\ 



Result: 13 malware found
Backdoor.Win32.Agent (virus) 
  System 
Backdoor.Win32.Agent.mqh (virus) 
  C:\WINDOWS\SYSTEM32\ASPIMGR.EXE (Renamed & Submitted) 
Hoax.Win32.Renos.vaoi (virus) 
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP917\A0143294.EXE (Submitted)
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP917\A0143302.EXE (Submitted)
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP916\A0143247.EXE (Submitted)
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP916\A0143248.EXE (Submitted)
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP915\A0143226.EXE (Submitted)
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP915\A0143235.EXE (Submitted)
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP915\A0143236.EXE (Submitted)
Net-Worm.Win32.Lovesan.a (virus) 
  C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\705B37B0 (Renamed) 
W32/Suspicious_U.gen (virus) 
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP917\A0143304.EXE (Submitted)
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP916\A0143253.EXE (Submitted)
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP915\A0143240.EXE (Submitted)



Statistics
Scanned:
  Files: 39535 
  System: 3989 
  Not scanned: 8 
Actions:
  Disinfected: 0 
  Renamed: 2 
  Deleted: 0 
  None: 11 
  Submitted: 11 
Files not scanned:
  C:\HIBERFIL.SYS 
  C:\PAGEFILE.SYS 
  C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT 
  C:\WINDOWS\SYSTEM32\CONFIG\SAM 
  C:\WINDOWS\SYSTEM32\CONFIG\SECURITY 
  C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE 
  C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM 
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL 



Options
Scanning engines:
  F-Secure USS: 2.30.0 
  F-Secure Hydra: 2.8.8110, 2008-07-21 
  F-Secure AVP: 7.0.171, 2008-07-21 
  F-Secure Pegasus: 1.20.0, 2008-04-14 
  F-Secure Blacklight: 1.0.68 
Scanning options:
  Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF 
  VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI 
  MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 
  TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB 
  BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR 
  Use Advanced heuristics 





The computer seems to be running a little better. The Red Circle is gone. Will you PLEASE delete the mentions of the user of this computer's name when you get done?

Edited by Holy Moses, 22 July 2008 - 08:23 AM.


#8 Holy Moses

Holy Moses
  • Topic Starter


Posted 22 July 2008 - 08:28 AM

Attachments aren't attaching. I'm getting an "Upload failed. The file was larger than the available space" error.

#9 OldTimer

OldTimer

    Malware Expert



Posted 22 July 2008 - 08:56 AM

Hi Holy Moses. That looks much better. There's just a couple of left-over registry entries we need to take care of.

First, disable WinPatrol. Right-click the System Tray icon (looks like a little dog) and choose Exit.

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> cru629.dat.lnk -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
YN -> C:\WINDOWS\system32\ntos.exe -> %SystemRoot%\system32\ntos.exe
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix.

Close Notepad and OTScanIt.

Now go ahead and run the system normally for a couple of days and then get back with me and let me know if there are any continuing issues. If everything is OK at that time, then we have some final cleanup to do and you'll be good to go.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#10 Holy Moses

Holy Moses
  • Topic Starter


Posted 22 July 2008 - 04:35 PM

Thanks OT

I'm out of town, but I'll run this script on Friday. Thanks for your help



