Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Not Being Allowed To Navigate To Google.com, Gmail.com, Blogger.com, Yahoo.com Etc....


  • This topic is locked This topic is locked
13 replies to this topic

#1 CharisNS

CharisNS

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 29 July 2008 - 02:45 PM

I seem to have some malware that is keeping me from performing the following actions:

conducting Google searches -- can get to home page but no where else
accessing Gmail -- most of the time, not when I go through the Gtalk client
accessing Blogger --- can get to home page but no where else
accessing Yahoo
getting Window Defender updates.

I have performed scans using a number of programs, from Avast, to AVG to Spybot and they find things but don't solve the problem. I have isolated 2 unusual files in the my msconfig startup and have temporarily disabled them from startup --- they are 2a715266 associated with windows\system32\gudjqpge.dll and BM29426114 associated with windows\system32\huthuvfj.dll.

Help!

Here are my logs.....

******************************************************************
Deckard's System Scanner v20071014.68
Run by Charis Simms on 2008-07-29 16:19:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 4 Restore Point(s) --
4: 2008-07-29 18:40:36 UTC - RP328 - Scheduled Checkpoint
3: 2008-07-28 20:17:29 UTC - RP327 - Installed AVG Free 8.0
2: 2008-07-27 16:29:45 UTC - RP326 - Scheduled Checkpoint
1: 2008-07-26 17:29:34 UTC - RP325 - Last known good configuration


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-29 16:21:57
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Charis Simms\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mozy\mozystat.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Vongo\Tray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\igfxsrvc.exe
C:\Windows\System32\taskmgr.exe
C:\Users\Charis Simms\Desktop\dss.exe
C:\Windows\System32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
O2 - BHO: (no name) - {26E79A3C-133F-49CC-89D5-6313EEFC6204} - C:\Windows\system32\awtsPFUL.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: {860a1c6d-1e6f-6309-96a4-0159155b21e3} - {3e12b551-9510-4a69-9036-f6e1d6c1a068} - C:\Windows\system32\iqkbhg.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7DEBD9E6-53F6-4871-BD02-F02E7E52DDF6} - C:\Windows\system32\vfcywwtb.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {E5646F36-145E-4F1D-B6D1-87C5EFC5BA1C} - C:\Windows\system32\ljJYRKcA.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljJYRKcA.dll,#1
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [2a715288] rundll32.exe "C:\Windows\system32\gudjqpge.dll",b
O4 - HKLM\..\Run: [BM29426114] Rundll32.exe "C:\Windows\system32\huthuvfj.dll",s
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\Charis Simms\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [mSpotAT&TRemix] "C:\Program Files\mSpot\Remix\AT&T\msptcmd.exe" /runcheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Mozy Status.lnk = C:\Program Files\Mozy\mozystat.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\Mozy\mozystat.exe
O4 - Global Startup: Program Neighborhood Agent.lnk = ?
O4 - Global Startup: Vongo Tray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: https://west.com (HKCU)
O15 - Trusted Zone: https://workathomeagent.com (HKCU)
O15 - Trusted Zone: https://workathomeagent.net (HKCU)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\Mozy\mozybackup.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe


--
End of file - 21332 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 timounter (Acronis True Image Backup Archive Explorer) - c:\windows\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 tifsfilter (Acronis True Image FS Filter) - c:\windows\system32\drivers\tifsfilt.sys <Not Verified; Acronis; Acronis True Image>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
R2 Vongo Service - c:\program files\vongo\vongoservice.exe <Not Verified; Starz Entertainment Group LLC; Vongo>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-29 and 2008-07-29 -----------------------------

2008-07-29 11:17:00 0 d-------- C:\Windows\system32\HouseCall 6.6
2008-07-28 23:18:22 0 d-------- C:\Program Files\Panda Security
2008-07-28 21:45:30 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-28 16:21:55 0 d--h----- C:\$AVG8.VAULT$
2008-07-28 16:19:41 0 d-------- C:\Windows\system32\drivers\Avg
2008-07-28 16:18:26 0 d-------- C:\Program Files\AVG
2008-07-28 16:18:23 0 d-------- C:\Users\All Users\avg8
2008-07-27 11:47:04 822772 --ahs---- C:\Windows\system32\opXaIRqr.ini2
2008-07-26 13:26:57 894582 --ahs---- C:\Windows\system32\LUFPstwa.ini2
2008-07-20 23:18:03 0 d-------- C:\Program Files\iPod
2008-07-20 23:15:43 0 d-------- C:\Program Files\Bonjour
2008-07-20 23:13:48 0 d-------- C:\Program Files\QuickTime
2008-07-20 22:36:24 0 d-------- C:\Users\Charis Simms\{793d1f4e-e2d1-40ff-b2a1-d9007a893298}


-- Find3M Report ---------------------------------------------------------------

2008-07-29 11:34:25 12 --a------ C:\Windows\bthservsdp.dat
2008-07-29 11:29:55 0 d-------- C:\Users\Charis Simms\AppData\Roaming\HouseCall 6.6
2008-07-27 11:36:42 0 d-------- C:\Users\Charis Simms\AppData\Roaming\uTorrent
2008-07-26 14:01:54 0 d-------- C:\Program Files\Trillian
2008-07-20 23:18:32 0 d-------- C:\Program Files\iTunes
2008-07-20 22:24:24 0 d-------- C:\Program Files\Apple Software Update
2008-07-20 22:19:54 0 d-------- C:\Program Files\Safari
2008-07-19 18:43:58 0 d-------- C:\Program Files\Picasa2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26E79A3C-133F-49CC-89D5-6313EEFC6204}]
C:\Windows\system32\awtsPFUL.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3e12b551-9510-4a69-9036-f6e1d6c1a068}]
C:\Windows\system32\iqkbhg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DEBD9E6-53F6-4871-BD02-F02E7E52DDF6}]
C:\Windows\system32\vfcywwtb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/28/2008 04:19 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5646F36-145E-4F1D-B6D1-87C5EFC5BA1C}]
C:\Windows\system32\ljJYRKcA.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [10/08/2007 12:18 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [09/15/2007 03:50 AM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/17/2005 02:11 AM]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 07:59 AM]
"IS CfgWiz"="c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [01/13/2007 04:28 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [03/28/2007 08:45 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [02/13/2007 02:38 PM]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" []
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [03/01/2007 04:18 PM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [01/10/2007 07:12 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [02/16/2007 06:45 PM]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [02/16/2007 06:57 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [02/16/2007 06:49 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 09:00 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [04/09/2007 08:23 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [07/27/2008 11:46 AM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [08/24/2007 07:54 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [08/24/2007 07:54 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [08/24/2007 07:54 PM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [10/23/2006 12:24 AM]
"@"="" []
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/15/2007 03:29 AM]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [05/09/2008 02:37 PM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
"MSServer"="C:\Windows\system32\ljJYRKcA.dll" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/28/2008 04:18 PM]
"MSConfig"="C:\Windows\system32\msconfig.exe" [11/02/2006 05:45 AM]
"2a715288"="C:\Windows\system32\gudjqpge.dll" []
"BM29426114"="C:\Windows\system32\huthuvfj.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [03/20/2007 06:23 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
"googletalk"="C:\Users\Charis Simms\AppData\Roaming\Google\Google Talk\googletalk.exe" [01/01/2007 05:22 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/25/2007 12:26 AM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [02/25/2008 09:23 PM]
"Skype"="C:\Program Files\Skype\\Phone\Skype.exe" [09/24/2007 01:11 PM]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 10:37 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [11/02/2006 08:35 AM]
"mSpotAT&TRemix"="C:\Program Files\mSpot\Remix\AT&T\msptcmd.exe" [03/14/2008 09:02 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [11/4/2007 4:31:16 PM]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [10/23/2006 1:01:50 AM]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/24/2007 8:58:59 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [6/25/2007 12:26:01 AM]
Mozy Status.lnk - C:\Program Files\Mozy\mozystat.exe [8/25/2007 7:30:24 PM]
MozyHome Status.lnk - C:\Program Files\Mozy\mozystat.exe [8/25/2007 7:30:24 PM]
Program Neighborhood Agent.lnk - C:\Windows\Installer\{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}\Icon80951CEC.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [7/7/2007 10:02:32 AM]
Vongo Tray.lnk - C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [4/19/2007 3:21:17 PM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [4/28/2008 11:20:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E5646F36-145E-4F1D-B6D1-87C5EFC5BA1C}"= C:\Windows\system32\ljJYRKcA.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap C:\Windows\system32\awtsPFUL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2a715288]
rundll32.exe "C:\Windows\system32\gudjqpge.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM29426114]
Rundll32.exe "C:\Windows\system32\huthuvfj.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d18cde91-e53c-11dc-87b0-001b24433824}]
AutoRun\command- J:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
*Newly Created Service* - PAVBOOT

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8910 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-29 16:23:43 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T5300 @ 1.73GHz
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 2037.44 MiB / 885.78 MiB
Pagefile Memory (total/avail): 4293.39 MiB / 2772.24 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.66 MiB

C: is Fixed (NTFS) - 140.92 GiB total, 48 GiB free.
D: is Fixed (NTFS) - 8.13 GiB total, 1.77 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is Removable (FAT)

\\.\PHYSICALDRIVE0 - TOSHIBA MK1637GSX ATA Device - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 140.92 GiB - C:
\PARTITION1 - Installable File System - 8.13 GiB - D:

\\.\PHYSICALDRIVE1 - SD Memory Card - 7.84 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 982.38 MiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FW: Norton Internet Security v2007 (Symantec Corporation) Disabled
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
AV: avast! antivirus 4.7.1098 [VPS 080729-0] v4.7.1098 (ALWIL Software)
AV: Norton Internet Security v2007 (Symantec Corporation) Outdated
AS: AVG Anti-Virus Free v8.0 (AVG Technologies) Disabled
AS: Spybot - Search and Destroy v1.0.0.6 (Safer Networking Ltd.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Norton Internet Security v2007 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
""=""
"C:\\Program Files\\Vongo\\VongoService.exe"="C:\\Program Files\\Vongo\\VongoService.exe:*:enabled:VongoService"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Charis Simms\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CHARISSIMMS-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Charis Simms
LOCALAPPDATA=C:\Users\Charis Simms\AppData\Local
LOGONSERVER=\\CHARISSIMMS-PC
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\CHARIS~1\AppData\Local\Temp
TMP=C:\Users\CHARIS~1\AppData\Local\Temp
USERDOMAIN=CharisSimms-PC
USERNAME=Charis Simms
USERPART=E:
USERPROFILE=C:\Users\Charis Simms
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Charis Simms (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
--> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
--> "C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
--> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
--> "C:\Program Files\HP Games\FATE\Uninstall.exe"
--> "C:\Program Files\HP Games\Final Drive Fury\Uninstall.exe"
--> "C:\Program Files\HP Games\Flip Words\Uninstall.exe"
--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Lemonade Tycoon 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
--> "C:\Program Files\HP Games\Otto\Uninstall.exe"
--> "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\HP Games\Phoenix Assault\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
--> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
--> "C:\Program Files\HP Games\Snowboard SuperJam\Uninstall.exe"
--> "C:\Program Files\HP Games\SpongeBob SquarePants Krabby Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
--> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
--> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
--> "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Acronis True Image Home --> MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Acrobat 8 Professional - English, Français, Deutsch --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AnswerWorks 5.0 English Runtime --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Ask Toolbar --> rundll32 C:\PROGRA~1\AskPBar\bar\1.bin\AskPBar.dll,O
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Citrix Presentation Server Client --> MsiExec.exe /I{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.EXE -U -IwisR30B7.inf
ESU for Microsoft Vista --> MsiExec.exe /X{39523EA4-F914-4447-A551-2513766095F5}
Funambol Outlook Plug-in 6.5.7 --> C:\Program Files\Funambol\Outlook Plug-in\uninst.exe
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Talk (remove only) --> "C:\Users\Charis Simms\AppData\Roaming\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IwqcVenz.inf
Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HouseCall 6.6 --> "C:\Users\Charis Simms\AppData\Roaming\HouseCall 6.6\uninstaller.exe"
HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{11BB336F-0E58-4977-B866-F24FA334616B}\setup.exe -runfromtemp -l0x0409
HP Active Support Library 32 bit components --> MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}
HP Active Support Library 32 bit components --> MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Doc Viewer --> MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support --> MsiExec.exe /I{584B0895-8EF3-4175-8E80-1B68BFA04636}
HP Pavilion Webcam Driver for Vista v061.001.00005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CA81D12-9EC2-4082-972B-43ECA63F41F2}\setup.exe" -l0x9 -removeonly
HP Photosmart Essential 2.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.20 B1 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Total Care Advisor --> MsiExec.exe /X{F6B29003-A078-4491-AFBE-62EFB6CFFE19}
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guides 0082 --> MsiExec.exe /I{FCCC555E-166C-426A-A98C-39C80AE7C081}
HP Wireless Assistant --> MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
HPNetworkAssistant --> MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
ImTOO DVD Creator --> C:\Program Files\ImTOO\DVD Creator3\Uninstall.exe
ImTOO DVD Ripper Platinum 4 --> C:\Program Files\ImTOO\DVD Ripper Platinum 4\Uninstall.exe
ImTOO MPEG Encoder --> C:\Program Files\ImTOO\MPEG Encoder 3\Uninstall.exe
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Intel® PRO Network Connections Drivers --> Prounstl.exe
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual Studio 2005 Tools for Office Runtime --> MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MozyHome 1.8.8.0 --> "C:\Program Files\Mozy\uninstall\unins000.exe"
MSCU for Microsoft Vista --> MsiExec.exe /X{3FFB3B34-D639-4384-9AE9-DDE58430D86F}
MSN --> C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
mSpot Remix 2.0.23 --> C:\Program Files\mSpot\Remix\AT&T\RemixUninst.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
muvee autoProducer 6.0 --> C:\Program Files\InstallShield Installation Information\{0BFC200F-C45D-4271-AF34-4CA969225DEB}\setup.exe -runfromtemp -l0x0009 -removeonly
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
Napster --> C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe -runfromtemp -l0x0009 -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Nero 6 Demo --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Quicken 2008 --> MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RapidPlayer v4.0 ActiveX Control --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C2F32D-C5DD-4583-8181-B48591CA231C}\Setup.exe" -l0x9
RemoteCalendars --> MsiExec.exe /I{C43CF61F-A69A-46AB-B6FA-A2C9F7569C7F}
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Safari --> MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SnagIt 8 --> MsiExec.exe /I{B6F0BE9B-41D7-45A2-9A76-D3DB1A89EC6A}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
Video Converter 3 --> C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
Visual Studio 2005 Tools for Office Second Edition Runtime --> c:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Vongo --> MsiExec.exe /X{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Mobile Device Center --> MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Windows Mobile Device Center Driver Update --> MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.2 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! IE Search Suggest --> C:\PROGRA~1\Yahoo!\Search\UNINST~1.EXE
Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar for Internet Explorer --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type6460 / Error
Event Submitted/Written: 07/29/2008 04:18:45 PM
Event ID/Source: 8194 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {5628f167-4c55-4534-84bb-96e1345d48a0}

Event Record #/Type6454 / Error
Event Submitted/Written: 07/29/2008 01:44:52 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ccApp.exe, version 106.2.0.21, time stamp 0x45a467ef, faulting module NSCWSCR2.DLL, version 2007.2.0.22, time stamp 0x45a9b0db, exception code 0xc0000005, fault offset 0x0001c9d8,
process id 0x754, application start time 0xccApp.exe0.

Event Record #/Type6451 / Warning
Event Submitted/Written: 07/29/2008 01:42:48 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007041D

Event Record #/Type6450 / Warning
Event Submitted/Written: 07/29/2008 01:42:08 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{AC76BA86-1033-F400-7760-000000000003}', feature 'ViewerProgramFiles' failed during request for component '{0B326C13-8902-4CB2-A6CC-B52B463A267F}'

Event Record #/Type6449 / Warning
Event Submitted/Written: 07/29/2008 01:42:07 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{AC76BA86-1033-F400-7760-000000000003}', feature 'ViewerProgramFiles', component '{347553B7-2470-4BDD-A758-09A9BF9B2015}' failed. The resource 'HKEY_CLASSES_ROOT\AcroExch.XDPDoc\CLSID\' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type53150 / Warning
Event Submitted/Written: 07/29/2008 04:12:01 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%CharisSimms-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %CharisSimms-PC27 can't undo changes that you allow.

For more information please see the following:
%CharisSimms-PC275

Scan ID: {EA5FD0CD-93AE-4789-8CFB-957A0D870AD4}

User: CharisSimms-PC\Charis Simms

Name: %CharisSimms-PC271

ID: %CharisSimms-PC272

Severity ID: %CharisSimms-PC273

Category ID: %CharisSimms-PC274

Path Found: %CharisSimms-PC276

Alert Type: %CharisSimms-PC278

Detection Type: 1.1.1505.02

Event Record #/Type53138 / Error
Event Submitted/Written: 07/29/2008 01:42:48 PM
Event ID/Source: 10005 / DCOM
Event Description:
1053MSIServer{000C101C-0000-0000-C000-000000000046}

Event Record #/Type53117 / Error
Event Submitted/Written: 07/29/2008 11:37:40 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Network List ServiceNetwork Location Awareness%%1068

Event Record #/Type53116 / Error
Event Submitted/Written: 07/29/2008 11:37:36 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Network List ServiceNetwork Location Awareness%%1068

Event Record #/Type53115 / Error
Event Submitted/Written: 07/29/2008 11:37:36 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Network List ServiceNetwork Location Awareness%%1068



-- End of Deckard's System Scanner: finished at 2008-07-29 16:23:43 ------------

Edited by CharisNS, 29 July 2008 - 03:28 PM.


BC AdBot (Login to Remove)

 


m

#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:01 AM

Posted 30 July 2008 - 03:47 PM

Hello CharisNS,

I (as well as MicroSoft, McAfee and Symantec) recommend that you DO NOT have more than one anti virus product installed and running on your computer at a time.
You have three antivirus products installed on your computer: Norton, Avast, and AVG. :thumbsup:

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms".

It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection.

In general terms, the three programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove two of these (leave one of them).
AVG Antivirus, Norton Antivirus, Avast Antivirus





I have isolated 2 unusual files in the my msconfig startup and have temporarily disabled them from startup --- they are 2a715266 associated with windows\system32\gudjqpge.dll and BM29426114 associated with windows\system32\huthuvfj.dll

.

I see that you are running msconfig in /auto mode which means that you may have selectively removed some items in the past from the startup procedure.

This can be bad if they are malware, so we would like you to reenable those startup entries by doing the following:

Please click on start, then run, and type msconfig and then press enter. When the window opens click on the startup tab and make sure there are checkmarks in every entry. Then press ok until you are out of the program.
If it asks to reboot, do not reboot. It is not necessary to reboot to get the items to show up in HijackThis.


I notice that you have Spybot's TeaTimer and Windows Defender running.
While these are normally a wonderful tools to protect against hijackers, it can also interfere with the fixes.
Disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

You can reenable TeaTimer once your system is clean.

To disable Windows Defender:
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.

If you encounter this message:"c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll

Edited by SifuMike, 30 July 2008 - 04:10 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 CharisNS

CharisNS
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 31 July 2008 - 09:53 AM

Yeah, I started trying all those programs when I started noticing this problem. They were not all on my computer when this started.....

Great news..... I noticed that I can now surf to the the sites that I could not before. Is there something else that I should do?

Here is my mbam log..........................

Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 6.0.6000

10:46:11 AM 7/31/2008
mbam-log-7-31-2008 (10-46-11).txt

Scan type: Quick Scan
Objects scanned: 36827
Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3e12b551-9510-4a69-9036-f6e1d6c1a068} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e12b551-9510-4a69-9036-f6e1d6c1a068} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e5646f36-145e-4f1d-b6d1-87c5efc5ba1c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e5646f36-145e-4f1d-b6d1-87c5efc5ba1c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e5646f36-145e-4f1d-b6d1-87c5efc5ba1c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\system32\iqkbhg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
*************************************************

Hijack This log:

Deckard's System Scanner v20071014.68
Run by Charis Simms on 2008-07-31 10:48:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Charis Simms.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:57 AM, on 7/31/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Napster\napster.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Charis Simms\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mozy\mozystat.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Vongo\Tray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Charis Simms\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Charis Simms.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: (no name) - {26E79A3C-133F-49CC-89D5-6313EEFC6204} - C:\Windows\system32\awtsPFUL.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7DEBD9E6-53F6-4871-BD02-F02E7E52DDF6} - C:\Windows\system32\vfcywwtb.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [2a715288] rundll32.exe "C:\Windows\system32\gudjqpge.dll",b
O4 - HKLM\..\Run: [BM29426114] Rundll32.exe "C:\Windows\system32\huthuvfj.dll",s
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\Charis Simms\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [mSpotAT&TRemix] "C:\Program Files\mSpot\Remix\AT&T\msptcmd.exe" /runcheck
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Mozy Status.lnk = C:\Program Files\Mozy\mozystat.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\Mozy\mozystat.exe
O4 - Global Startup: Program Neighborhood Agent.lnk = ?
O4 - Global Startup: Vongo Tray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\Mozy\mozybackup.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 16993 bytes

-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-31 10:48:40 0 d-------- C:\Program Files\Trend Micro
2008-07-31 10:35:15 0 d-------- C:\Users\All Users\Malwarebytes
2008-07-31 10:35:14 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-31 10:26:06 0 d-------- C:\Users\All Users\Avg8
2008-07-29 11:17:00 0 d-------- C:\Windows\system32\HouseCall 6.6
2008-07-28 23:18:22 0 d-------- C:\Program Files\Panda Security
2008-07-28 21:45:30 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-28 16:18:26 0 d-------- C:\Program Files\AVG
2008-07-27 11:47:04 822772 --ahs---- C:\Windows\system32\opXaIRqr.ini2
2008-07-26 13:26:57 894582 --ahs---- C:\Windows\system32\LUFPstwa.ini2
2008-07-20 23:18:03 0 d-------- C:\Program Files\iPod
2008-07-20 23:15:43 0 d-------- C:\Program Files\Bonjour
2008-07-20 23:13:48 0 d-------- C:\Program Files\QuickTime
2008-07-20 22:36:24 0 d-------- C:\Users\Charis Simms\{793d1f4e-e2d1-40ff-b2a1-d9007a893298}


-- Find3M Report ---------------------------------------------------------------

2008-07-31 10:35:22 0 d-------- C:\Users\Charis Simms\AppData\Roaming\Malwarebytes
2008-07-31 10:27:10 12 --a------ C:\Windows\bthservsdp.dat
2008-07-31 10:23:02 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-31 10:20:38 0 d-------- C:\Program Files\Common Files
2008-07-29 11:29:55 0 d-------- C:\Users\Charis Simms\AppData\Roaming\HouseCall 6.6
2008-07-27 11:36:42 0 d-------- C:\Users\Charis Simms\AppData\Roaming\uTorrent
2008-07-26 14:01:54 0 d-------- C:\Program Files\Trillian
2008-07-20 23:18:32 0 d-------- C:\Program Files\iTunes
2008-07-20 22:24:24 0 d-------- C:\Program Files\Apple Software Update
2008-07-20 22:19:54 0 d-------- C:\Program Files\Safari
2008-07-19 18:43:58 0 d-------- C:\Program Files\Picasa2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26E79A3C-133F-49CC-89D5-6313EEFC6204}]
C:\Windows\system32\awtsPFUL.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DEBD9E6-53F6-4871-BD02-F02E7E52DDF6}]
C:\Windows\system32\vfcywwtb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [10/08/2007 12:18 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [09/15/2007 03:50 AM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/17/2005 02:11 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [03/28/2007 08:45 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [02/13/2007 02:38 PM]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" []
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [03/01/2007 04:18 PM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [01/10/2007 07:12 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [02/16/2007 06:45 PM]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [02/16/2007 06:57 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [02/16/2007 06:49 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 09:00 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [04/09/2007 08:23 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [07/27/2008 11:46 AM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [08/24/2007 07:54 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [08/24/2007 07:54 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [08/24/2007 07:54 PM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [10/23/2006 12:24 AM]
"@"="" []
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/15/2007 03:29 AM]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [05/09/2008 02:37 PM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
"2a715288"="C:\Windows\system32\gudjqpge.dll" []
"BM29426114"="C:\Windows\system32\huthuvfj.dll" []
"MSConfig"="C:\Windows\system32\msconfig.exe" [11/02/2006 05:45 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [03/20/2007 06:23 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
"googletalk"="C:\Users\Charis Simms\AppData\Roaming\Google\Google Talk\googletalk.exe" [01/01/2007 05:22 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/25/2007 12:26 AM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [02/25/2008 09:23 PM]
"Skype"="C:\Program Files\Skype\\Phone\Skype.exe" [09/24/2007 01:11 PM]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 10:37 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [11/02/2006 08:35 AM]
"mSpotAT&TRemix"="C:\Program Files\mSpot\Remix\AT&T\msptcmd.exe" [03/14/2008 09:02 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [11/4/2007 4:31:16 PM]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [10/23/2006 1:01:50 AM]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/24/2007 8:58:59 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [6/25/2007 12:26:01 AM]
Mozy Status.lnk - C:\Program Files\Mozy\mozystat.exe [8/25/2007 7:30:24 PM]
MozyHome Status.lnk - C:\Program Files\Mozy\mozystat.exe [8/25/2007 7:30:24 PM]
Program Neighborhood Agent.lnk - C:\Windows\Installer\{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}\Icon80951CEC.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [7/7/2007 10:02:32 AM]
Vongo Tray.lnk - C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [4/19/2007 3:21:17 PM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [4/28/2008 11:20:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap C:\Windows\system32\awtsPFUL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d18cde91-e53c-11dc-87b0-001b24433824}]
AutoRun\command- J:\LaunchU3.exe -a

*Newly Created Service* - MBAMSWISSARMY

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-31 10:49:25 ------------

Edited by CharisNS, 31 July 2008 - 09:57 AM.


#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:01 AM

Posted 31 July 2008 - 01:24 PM

Hi CharisNS,

You still are heavily infected.

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck

      File - Additional Folder Scans

  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post.
If the file is too big to post, then you can upload it to me here. Let me know when you post it.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 CharisNS

CharisNS
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 01 August 2008 - 09:08 AM

Okay.... working along but I am having trouble downloading OTScanIT. I have tried on a couple computers but the file is not being served up for me to pull down.

#6 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:01 AM

Posted 01 August 2008 - 10:25 AM

I just tried downloading it at the site and it worked OK. Keep trying.

Here is an alternate download site for OTScanIt

Edited by SifuMike, 01 August 2008 - 10:37 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 CharisNS

CharisNS
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 01 August 2008 - 11:26 AM

Apparently it was a Firefox issue.... no problem in IE for either link.... Running now....

#8 CharisNS

CharisNS
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 01 August 2008 - 11:38 AM

It was too big so I had to post it. Avast did not like that OTScanIT program.... kept saying it was a virus and blocking it.

#9 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:01 AM

Posted 01 August 2008 - 01:18 PM

Hi CharisNS,

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%allusersprofile%\bm29426114.xml
%allusersprofile%\pskt.ini
%systemroot%\system32\egpqjdug.ini
%systemroot%\system32\hsooftto.ini
%systemroot%\system32\lufpstwa.ini
%systemroot%\system32\lufpstwa.ini2
%systemroot%\system32\opxairqr.ini
%systemroot%\system32\opxairqr.ini2

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> 2a715288 -> %SystemRoot%\system32\gudjqpge.DLL [rundll32.exe "C:\Windows\system32\gudjqpge.dll",b]
YN -> BM29426114 -> %SystemRoot%\system32\huthuvfj.DLL [Rundll32.exe "C:\Windows\system32\huthuvfj.dll",s]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {0A94B111-4504-4e26-AB05-E61E474AA38B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {26E79A3C-133F-49CC-89D5-6313EEFC6204} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\awtsPFUL.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {7DEBD9E6-53F6-4871-BD02-F02E7E52DDF6} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\vfcywwtb.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Files/Folders - Created Within 30 days]
NY -> egpqjdug.ini -> %SystemRoot%\System32\egpqjdug.ini
NY -> hsooftto.ini -> %SystemRoot%\System32\hsooftto.ini
NY -> LUFPstwa.ini -> %SystemRoot%\System32\LUFPstwa.ini
NY -> LUFPstwa.ini2 -> %SystemRoot%\System32\LUFPstwa.ini2
NY -> opXaIRqr.ini -> %SystemRoot%\System32\opXaIRqr.ini
NY -> opXaIRqr.ini2 -> %SystemRoot%\System32\opXaIRqr.ini2
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> BM29426114.xml -> %AllUsersProfile%\BM29426114.xml
NY -> pskt.ini -> %AllUsersProfile%\pskt.ini
[Files/Folders - Modified Within 30 days]
NY -> egpqjdug.ini -> %SystemRoot%\System32\egpqjdug.ini
NY -> hsooftto.ini -> %SystemRoot%\System32\hsooftto.ini
NY -> LUFPstwa.ini -> %SystemRoot%\System32\LUFPstwa.ini
NY -> LUFPstwa.ini2 -> %SystemRoot%\System32\LUFPstwa.ini2
NY -> opXaIRqr.ini -> %SystemRoot%\System32\opXaIRqr.ini
NY -> opXaIRqr.ini2 -> %SystemRoot%\System32\opXaIRqr.ini2
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> BM29426114.xml -> %AllUsersProfile%\BM29426114.xml
NY -> pskt.ini -> %AllUsersProfile%\pskt.ini
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Step #4

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:


    • File - Additional Folder Scans

  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #5

Post the following back here:1. The Avenger report (c:\Avenger.txt). This will be a short report so you can post it.

2. The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run. ) This will be a short report so you can post it.

3. The new OTScanIt scan log. If you cant post it because it is too big, then you can upload the new scan log to me here. Let me know if you upload it.
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Edited by SifuMike, 01 August 2008 - 01:21 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#10 CharisNS

CharisNS
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 02 August 2008 - 12:15 PM

The Avenger log file seems to be password protected for some reason..... I have no idea what the password is so I am not able to open it back up to send it to you.

But here is the OTScanIT fix log....................

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\2a715288 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM29426114 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A94B111-4504-4e26-AB05-E61E474AA38B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A94B111-4504-4e26-AB05-E61E474AA38B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26E79A3C-133F-49CC-89D5-6313EEFC6204}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26E79A3C-133F-49CC-89D5-6313EEFC6204}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DEBD9E6-53F6-4871-BD02-F02E7E52DDF6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DEBD9E6-53F6-4871-BD02-F02E7E52DDF6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
[Files/Folders - Created Within 30 days]
File C:\Windows\System32\egpqjdug.ini not found!
File C:\Windows\System32\hsooftto.ini not found!
File C:\Windows\System32\LUFPstwa.ini not found!
File C:\Windows\System32\LUFPstwa.ini2 not found!
File C:\Windows\System32\opXaIRqr.ini not found!
File C:\Windows\System32\opXaIRqr.ini2 not found!
[Files Created - Additional Folder Scans - Non-Microsoft Only]
File C:\ProgramData\BM29426114.xml not found!
File C:\ProgramData\pskt.ini not found!
[Files/Folders - Modified Within 30 days]
File C:\Windows\System32\egpqjdug.ini not found!
File C:\Windows\System32\hsooftto.ini not found!
File C:\Windows\System32\LUFPstwa.ini not found!
File C:\Windows\System32\LUFPstwa.ini2 not found!
File C:\Windows\System32\opXaIRqr.ini not found!
File C:\Windows\System32\opXaIRqr.ini2 not found!
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
File C:\ProgramData\BM29426114.xml not found!
File C:\ProgramData\pskt.ini not found!
[Empty Temp Folders]
File delete failed. C:\Users\Charis Simms\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
File delete failed. C:\Users\Charis Simms\AppData\Local\Temp\sqlite_GgBbhrXq45J9ErN scheduled to be deleted on reboot.
File delete failed. C:\Users\Charis Simms\AppData\Local\Temp\~DF2F42.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Charis Simms\AppData\Local\Temp\~DF70F3.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_G8G8M5fvTqo4YiC scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.16.2 fix logfile created on 08012008_154604

Files moved on Reboot...
File move failed. C:\Users\Charis Simms\AppData\Local\Temp\ehmsas.txt scheduled to be moved on reboot.
File C:\Users\Charis Simms\AppData\Local\Temp\sqlite_GgBbhrXq45J9ErN not found!
C:\Users\Charis Simms\AppData\Local\Temp\~DF2F42.tmp moved successfully.
C:\Users\Charis Simms\AppData\Local\Temp\~DF70F3.tmp moved successfully.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\sqlite_G8G8M5fvTqo4YiC moved successfully.


The FSecure report....

Scanning Report
Friday, August 01, 2008 23:51:51 - 07:53:02

Computer name: CHARISSIMMS-PC
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\
Result: 1 malware found
Tracking Cookie (spyware)

* System

Statistics
Scanned:

* Files: 69030
* System: 5001
* Not scanned: 26

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 1
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\TEMP\SQLITE_DFWXHVBP4DDZ1DI
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
* C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
* C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
* C:\USERS\CHARIS SIMMS\APPDATA\LOCAL\TEMP\SQLITE_BFIT5SCTXHCBP4V
* C:\USERS\CHARIS SIMMS\APPDATA\LOCAL\GOOGLE\GOOGLE DESKTOP\4BF5420AE300\DBDAM
* C:\USERS\CHARIS SIMMS\APPDATA\LOCAL\GOOGLE\GOOGLE DESKTOP\4BF5420AE300\DBDAO
* C:\USERS\CHARIS SIMMS\APPDATA\LOCAL\GOOGLE\GOOGLE DESKTOP\4BF5420AE300\DBEAM
* C:\USERS\CHARIS SIMMS\APPDATA\LOCAL\GOOGLE\GOOGLE DESKTOP\4BF5420AE300\DBEAO
* C:\USERS\CHARIS SIMMS\APPDATA\LOCAL\GOOGLE\GOOGLE DESKTOP\4BF5420AE300\DBM
* C:\USERS\CHARIS SIMMS\APPDATA\LOCAL\GOOGLE\GOOGLE DESKTOP\4BF5420AE300\HP
* C:\BOOT\BCD

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-08-01
* F-Secure Pegasus: 1.20.0, 2008-04-14
* F-Secure AVP: 7.0.171, 2008-08-02

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

And the OTScanIT log.......

OTScanIt logfile created on: 8/2/2008 1:07:29 PM
OTScanIt by OldTimer - Version 1.0.16.2	 Folder = C:\Users\Charis Simms\Desktop\OTScanIt
Windows Vista   (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16546)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.39% Memory free
4.00 Gb Paging File | 3.04 Gb Available in Paging File | 76.05% Paging File free
Paging file location(s): ?:\pagefile.sys;
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.92 Gb Total Space | 42.69 Gb Free Space | 30.29% Space Free | Partition Type: NTFS
Drive D: | 8.13 Gb Total Space | 1.77 Gb Free Space | 21.81% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 982.13 Mb Total Space | 896.05 Mb Free Space | 91.24% Space Free | Partition Type: FAT
Drive I: | 232.83 Gb Total Space | 136.56 Gb Free Space | 58.65% Space Free | Partition Type: FAT32

Computer Name: CHARISSIMMS-PC
Current User Name: Charis Simms
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 10:36:33 AM | Attr =	]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 9:00:16 AM | Attr =	]
schedul2.exe -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,240 | Size = 411168 bytes | Modified Date = 2/16/2007 6:49:50 PM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.0.28.0 | Size = 116040 bytes | Modified Date = 7/10/2008 9:47:18 AM | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]
clcapsvc.exe -> %ProgramFiles%\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe ->  [Ver = 5.00.2510 | Size = 270431 bytes | Modified Date = 3/28/2007 8:45:34 PM | Attr =	]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 10.0.13.2 14Sep07 | Size = 1021224 bytes | Modified Date = 9/15/2007 3:50:54 AM | Attr =	]
hpwuschd2.exe -> %ProgramFiles%\Hp\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/17/2005 2:11:42 AM | Attr =	]
qpservice.exe -> %ProgramFiles%\Hp\QuickPlay\QPService.exe -> CyberLink Corp. [Ver = 4.5.0.0000 | Size = 176128 bytes | Modified Date = 3/28/2007 8:45:14 PM | Attr =	]
qlbctrl.exe -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ->  Hewlett-Packard Development Company, L.P. [Ver = 6, 2, 2, 1 | Size = 159744 bytes | Modified Date = 2/13/2007 2:38:36 PM | Attr =	]
hpwamain.exe -> %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe -> Hewlett-Packard Development Company, L.P. [Ver = 3, 0, 5, 1 | Size = 472776 bytes | Modified Date = 3/1/2007 4:18:36 PM | Attr =	]
wifimsg.exe -> %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe -> Hewlett-Packard Development Company, L.P. [Ver = 3.0.4.1 | Size = 317128 bytes | Modified Date = 1/10/2007 7:12:08 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:35 AM | Attr =	]
trueimagemonitor.exe -> %ProgramFiles%\Acronis\TrueImageHome\TrueImageMonitor.exe -> Acronis [Ver = 10,0,0,4942 | Size = 1169776 bytes | Modified Date = 2/16/2007 6:45:30 PM | Attr =	]
timountermonitor.exe -> %ProgramFiles%\Acronis\TrueImageHome\TimounterMonitor.exe -> Acronis [Ver = 3.3 build 444 | Size = 1945960 bytes | Modified Date = 2/16/2007 6:57:24 PM | Attr =	]
schedhlp.exe -> %CommonProgramFiles%\Acronis\Schedule2\schedhlp.exe -> Acronis [Ver = 1,0,0,240 | Size = 149024 bytes | Modified Date = 2/16/2007 6:49:58 PM | Attr =	]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 9:00:23 AM | Attr =	]
pwrisovm.exe -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 7, 0, 0 | Size = 200704 bytes | Modified Date = 4/9/2007 8:23:11 AM | Attr =	]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.7.806.10245 | Size = 29744 bytes | Modified Date = 7/27/2008 11:46:05 AM | Attr =	]
igfxtray.exe -> %SystemRoot%\System32\igfxtray.exe -> Intel Corporation [Ver = 7.14.10.1322 | Size = 141848 bytes | Modified Date = 8/24/2007 7:54:12 PM | Attr =	]
hkcmd.exe -> %SystemRoot%\System32\hkcmd.exe -> Intel Corporation [Ver = 7.14.10.1322 | Size = 154136 bytes | Modified Date = 8/24/2007 7:54:00 PM | Attr =	]
igfxpers.exe -> %SystemRoot%\System32\igfxpers.exe -> Intel Corporation [Ver = 7.14.10.1322 | Size = 129560 bytes | Modified Date = 8/24/2007 7:54:08 PM | Attr =	]
igfxsrvc.exe -> %SystemRoot%\System32\igfxsrvc.exe -> Intel Corporation [Ver = 7.14.10.1322 | Size = 252440 bytes | Modified Date = 8/24/2007 7:54:10 PM | Attr =	]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe -> Adobe Systems Inc. [Ver = 8.0.0.2006102200 | Size = 620152 bytes | Modified Date = 10/23/2006 12:24:02 AM | Attr =	]
napster.exe -> %ProgramFiles%\Napster\napster.exe -> Napster [Ver = 4.5.1.0 | Size = 323216 bytes | Modified Date = 5/9/2008 2:37:52 PM | Attr =	]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 6/25/2007 12:25:58 AM | Attr =	]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.136.1 | Size = 61440 bytes | Modified Date = 12/14/2006 8:49:10 PM | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.7.0.43 | Size = 289064 bytes | Modified Date = 7/10/2008 10:51:32 AM | Attr =	]
mozybackup.exe -> %ProgramFiles%\Mozy\mozybackup.exe ->  [Ver =  | Size = 87344 bytes | Modified Date = 7/2/2007 6:17:28 PM | Attr =	]
googletalk.exe -> %AppData%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 5:22:02 PM | Attr =	]
picasamediadetector.exe -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe -> Google Inc. [Ver = 2.7.37.49 | Size = 443968 bytes | Modified Date = 2/25/2008 9:23:34 PM | Attr =	]
starwindserviceae.exe -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -> Rocket Division Software [Ver = 3.2.3 Build 20070527 | Size = 275968 bytes | Modified Date = 5/28/2007 12:57:54 PM | Attr =	]
vongoservice.exe -> %ProgramFiles%\Vongo\VongoService.exe -> Starz Entertainment Group LLC [Ver = 1, 25, 0, 0 | Size = 176128 bytes | Modified Date = 3/29/2007 4:59:42 PM | Attr =	]
mozybackup.exe -> %ProgramFiles%\Mozy\mozybackup.exe ->  [Ver =  | Size = 87344 bytes | Modified Date = 7/2/2007 6:17:28 PM | Attr =	]
xaudio.exe -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.12.00 | Size = 386560 bytes | Modified Date = 7/10/2007 6:28:08 AM | Attr =	]
hpqwmiex.exe -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 9 | Size = 135168 bytes | Modified Date = 5/2/2006 5:41:28 PM | Attr =	]
sdwinsec.exe -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 12 | Size = 809296 bytes | Modified Date = 7/7/2008 9:42:02 AM | Attr =	]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.7.806.10245 | Size = 29744 bytes | Modified Date = 7/27/2008 11:46:05 AM | Attr =	]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 8:59:53 AM | Attr =	]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 8:59:01 AM | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.0.43 | Size = 532264 bytes | Modified Date = 7/10/2008 10:51:22 AM | Attr =	]
fnplicensingservice.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 11/4/2007 4:31:56 PM | Attr =	]
hpqtoaster.exe -> %ProgramFiles%\Hewlett-Packard\Shared\HpqToaster.exe ->  [Ver = 1, 10, 1, 1 | Size = 677576 bytes | Modified Date = 1/30/2007 6:58:52 PM | Attr =	]
hphc_service.exe -> %ProgramFiles%\Hewlett-Packard\HP Health Check\HPHC_Service.exe -> Hewlett-Packard [Ver = 2.3.0.2 | Size = 65536 bytes | Modified Date = 9/19/2007 6:30:52 PM | Attr =	]
googleupdater.exe -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.940.34809.beta | Size = 124912 bytes | Modified Date = 8/19/2007 8:06:17 PM | Attr =	]
mozystat.exe -> %ProgramFiles%\Mozy\mozystat.exe ->  [Ver =  | Size = 1914160 bytes | Modified Date = 5/15/2008 3:09:04 PM | Attr =	]
pnagent.exe -> %ProgramFiles%\Citrix\ICA Client\pnagent.exe -> Citrix Systems, Inc. [Ver = 10.00.52110 | Size = 286096 bytes | Modified Date = 2/8/2007 12:55:22 PM | Attr =	]
wzqkpick.exe -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, S.L. [Ver = 1.0 (32-bit) | Size = 415072 bytes | Modified Date = 4/28/2008 11:20:00 AM | Attr = R  ]
tray.exe -> %ProgramFiles%\Vongo\Tray.exe -> Starz [Ver = 1, 30, 0, 1 | Size = 73728 bytes | Modified Date = 3/29/2007 4:59:42 PM | Attr =	]
jucheck.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jucheck.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 329104 bytes | Modified Date = 9/25/2007 2:11:35 AM | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,240 | Size = 411168 bytes | Modified Date = 2/16/2007 6:49:50 PM | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.0.28.0 | Size = 116040 bytes | Modified Date = 7/10/2008 9:47:18 AM | Attr =	]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 10:36:33 AM | Attr =	]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 9:00:16 AM | Attr =	]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 8:59:53 AM | Attr =	]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 8:59:01 AM | Attr =	]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(CLCapSvc) CyberLink Background Capture Service (CBCS) [Win32_Own | Auto | Running] -> %ProgramFiles%\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe ->  [Ver = 5.00.2510 | Size = 270431 bytes | Modified Date = 3/28/2007 8:45:34 PM | Attr =	]
(CLSched) CyberLink Task Scheduler (CTS) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Hp\QuickPlay\Kernel\TV\CLSched.exe ->  [Ver = 5.00.2504 | Size = 118877 bytes | Modified Date = 3/28/2007 8:45:38 PM | Attr =	]
(Com4Qlb) Com4Qlb [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1.0.0.1 | Size = 110592 bytes | Modified Date = 1/9/2007 5:55:34 PM | Attr =	]
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 11/4/2007 4:31:56 PM | Attr =	]
(GoogleDesktopManager-061008-081103) Google Desktop Manager 5.7.806.10245 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.7.806.10245 | Size = 29744 bytes | Modified Date = 7/27/2008 11:46:05 AM | Attr =	]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 6/25/2007 12:25:58 AM | Attr =	]
(HP Health Check Service) HP Health Check Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\HP Health Check\HPHC_Service.exe -> Hewlett-Packard [Ver = 2.3.0.2 | Size = 65536 bytes | Modified Date = 9/19/2007 6:30:52 PM | Attr =	]
(hpqwmiex) hpqwmiex [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 9 | Size = 135168 bytes | Modified Date = 5/2/2006 5:41:28 PM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 6:24:18 AM | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.0.43 | Size = 532264 bytes | Modified Date = 7/10/2008 10:51:22 AM | Attr =	]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.136.1 | Size = 61440 bytes | Modified Date = 12/14/2006 8:49:10 PM | Attr =	]
(mozybackup) MozyHome Backup Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Mozy\mozybackup.exe ->  [Ver =  | Size = 87344 bytes | Modified Date = 7/2/2007 6:17:28 PM | Attr =	]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> %SystemRoot%\System32\msdtc.exe -> File not found
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.5.98 | Size = 880640 bytes | Modified Date = 2/12/2007 12:36:58 PM | Attr =	]
(SBSDWSCService) SBSD Security Center Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 12 | Size = 809296 bytes | Modified Date = 7/7/2008 9:42:02 AM | Attr =	]
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> %systemroot%\system32\svchost.exe -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(StarWindServiceAE) StarWind AE Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -> Rocket Division Software [Ver = 3.2.3 Build 20070527 | Size = 275968 bytes | Modified Date = 5/28/2007 12:57:54 PM | Attr =	]
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.560 | Size = 74656 bytes | Modified Date = 2/17/2007 10:31:12 AM | Attr =	]
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> %SystemRoot%\servicing\TrustedInstaller.exe -> File not found
(Vongo Service) Vongo Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Vongo\VongoService.exe -> Starz Entertainment Group LLC [Ver = 1, 25, 0, 0 | Size = 176128 bytes | Modified Date = 3/29/2007 4:59:42 PM | Attr =	]
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.12.00 | Size = 386560 bytes | Modified Date = 7/10/2007 6:28:08 AM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
 ->  [] -> File not found
Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe ["C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"] -> Adobe Systems Inc. [Ver = 8.0.0.2006102200 | Size = 620152 bytes | Modified Date = 10/23/2006 12:24:02 AM | Attr =	]
Acronis Scheduler2 Service -> %CommonProgramFiles%\Acronis\Schedule2\schedhlp.exe ["C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"] -> Acronis [Ver = 1,0,0,240 | Size = 149024 bytes | Modified Date = 2/16/2007 6:49:58 PM | Attr =	]
AcronisTimounterMonitor -> %ProgramFiles%\Acronis\TrueImageHome\TimounterMonitor.exe [C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe] -> Acronis [Ver = 3.3 build 444 | Size = 1945960 bytes | Modified Date = 2/16/2007 6:57:24 PM | Attr =	]
AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 0, 0, 9 | Size = 116040 bytes | Modified Date = 7/10/2008 9:47:28 AM | Attr =	]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 9:00:23 AM | Attr =	]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> Google [Ver = 5.7.806.10245 | Size = 29744 bytes | Modified Date = 7/27/2008 11:46:05 AM | Attr =	]
HotKeysCmds -> %SystemRoot%\System32\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> Intel Corporation [Ver = 7.14.10.1322 | Size = 154136 bytes | Modified Date = 8/24/2007 7:54:00 PM | Attr =	]
HP Health Check Scheduler ->  [[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> File not found
HP Software Update -> %ProgramFiles%\Hp\HP Software Update\hpwuSchd2.exe [C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/17/2005 2:11:42 AM | Attr =	]
hpWirelessAssistant -> %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 3, 0, 5, 1 | Size = 472776 bytes | Modified Date = 3/1/2007 4:18:36 PM | Attr =	]
IgfxTray -> %SystemRoot%\System32\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> Intel Corporation [Ver = 7.14.10.1322 | Size = 141848 bytes | Modified Date = 8/24/2007 7:54:12 PM | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.7.0.43 | Size = 289064 bytes | Modified Date = 7/10/2008 10:51:32 AM | Attr =	]
NapsterShell -> %ProgramFiles%\Napster\napster.exe [C:\Program Files\Napster\napster.exe /systray] -> Napster [Ver = 4.5.1.0 | Size = 323216 bytes | Modified Date = 5/9/2008 2:37:52 PM | Attr =	]
NeroFilterCheck -> %SystemRoot%\System32\NeroCheck.exe [C:\Windows\system32\NeroCheck.exe] -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr =	]
Persistence -> %SystemRoot%\System32\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> Intel Corporation [Ver = 7.14.10.1322 | Size = 129560 bytes | Modified Date = 8/24/2007 7:54:08 PM | Attr =	]
PWRISOVM.EXE -> %ProgramFiles%\PowerISO\PWRISOVM.EXE [C:\Program Files\PowerISO\PWRISOVM.EXE] -> PowerISO Computing, Inc. [Ver = 3, 7, 0, 0 | Size = 200704 bytes | Modified Date = 4/9/2007 8:23:11 AM | Attr =	]
QlbCtrl -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start] ->  Hewlett-Packard Development Company, L.P. [Ver = 6, 2, 2, 1 | Size = 159744 bytes | Modified Date = 2/13/2007 2:38:36 PM | Attr =	]
QPService -> %ProgramFiles%\Hp\QuickPlay\QPService.exe ["C:\Program Files\HP\QuickPlay\QPService.exe"] -> CyberLink Corp. [Ver = 4.5.0.0000 | Size = 176128 bytes | Modified Date = 3/28/2007 8:45:14 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 5/27/2008 10:50:30 AM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:35 AM | Attr =	]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 10.0.13.2 14Sep07 | Size = 1021224 bytes | Modified Date = 9/15/2007 3:50:54 AM | Attr =	]
SynTPStart -> %ProgramFiles%\Synaptics\SynTP\SynTPStart.exe [C:\Program Files\Synaptics\SynTP\SynTPStart.exe] -> Synaptics, Inc. [Ver = 10.0.13.2 14Sep07 | Size = 102400 bytes | Modified Date = 9/15/2007 3:29:10 AM | Attr =	]
TrueImageMonitor.exe -> %ProgramFiles%\Acronis\TrueImageHome\TrueImageMonitor.exe [C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe] -> Acronis [Ver = 10,0,0,4942 | Size = 1169776 bytes | Modified Date = 2/16/2007 6:45:30 PM | Attr =	]
WAWifiMessage -> %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 3.0.4.1 | Size = 317128 bytes | Modified Date = 1/10/2007 7:12:08 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
googletalk -> %AppData%\Google\Google Talk\googletalk.exe [C:\Users\Charis Simms\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart] -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 5:22:02 PM | Attr =	]
HPAdvisor -> %ProgramFiles%\Hewlett-Packard\HP Advisor\HPAdvisor.exe [C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun] -> Hewlett-Packard [Ver = 1.1.19.0 | Size = 1773568 bytes | Modified Date = 3/20/2007 6:23:40 PM | Attr =	]
mSpotAT&TRemix -> %ProgramFiles%\mSpot\Remix\AT&T\msptcmd.exe ["C:\Program Files\mSpot\Remix\AT&T\msptcmd.exe" /runcheck] -> MSpot [Ver = 2, 0, 23, 0 | Size = 1512760 bytes | Modified Date = 3/14/2008 9:02:38 PM | Attr =	]
Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> Google Inc. [Ver = 2.7.37.49 | Size = 443968 bytes | Modified Date = 2/25/2008 9:23:34 PM | Attr =	]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized] -> Skype Technologies S.A. [Ver = 3.5.0.239 | Size = 22880040 bytes | Modified Date = 9/24/2007 1:11:50 PM | Attr = R  ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/25/2007 12:26:03 AM | Attr =	]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.7.806.10245 | Size = 113664 bytes | Modified Date = 7/27/2008 11:46:08 AM | Attr =	]
C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.7.806.10245 | Size = 113664 bytes | Modified Date = 7/27/2008 11:46:08 AM | Attr =	]
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 2923520 bytes | Modified Date = 12/10/2007 11:54:26 AM | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> %SystemRoot%\System32\userinit.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 24576 bytes | Modified Date = 11/2/2006 5:45:50 AM | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\System32\shell32.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 11315200 bytes | Modified Date = 10/8/2007 12:11:41 PM | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\System32\sysdm.cpl -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 238080 bytes | Modified Date = 11/2/2006 5:44:42 AM | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\System32\igfxdev.dll -> Intel Corporation [Ver = 7.14.10.1322 | Size = 204800 bytes | Modified Date = 8/24/2007 7:26:50 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
TORiSAN CD-ROM CDR_C36 ->  -> File not found
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 67072 bytes | Modified Date = 11/2/2006 4:51:44 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CD/DVDW_TS-L632M_______________0917____\5&61dfa57&0&0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> SCSI\CdRom&Ven_FZ2183K&Prod_CJT171Z&Rev_2.0B\5&36e5972&0&000000 -> 
< Drives - Autoruns > ->  -> 
autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> %SystemDrive%\autoexec.bat [ NTFS ] ->  [Ver =  | Size = 74 bytes | Modified Date = 4/19/2007 3:20:31 PM | Attr =	]
AUTOMODE [@echo off | IF EXIST C:\ST_RP\MANUALMODE ECHO MANUAL BATCH MODE ALREADY SET ! | IF NOT EXIST C:\ST_RP\MANUALMODE ECHO SET TO MANUAL BATCH EXECUTION ! | IF NOT EXIST C:\ST_RP\MANUALMODE IF EXIST C:\ST_RP\AUTOMODE DEL C:\ST_RP\AUTOMODE /F > NUL | IF NOT EXIST C:\ST_RP\MANUALMODE COPY C:\ST_RP\SET_AUTO_MODE.CMD C:\ST_RP\MANUALMODE > NUL | ECHO. | ] -> D:\AUTOMODE [ NTFS ] ->  [Ver =  | Size = 340 bytes | Modified Date = 9/11/2005 11:18:54 AM | Attr =  HS]
autorun [] -> I:\autorun [ FAT32 ] ->  [Folder | Modified Date = 10/5/2007 8:31:54 AM | Attr =	]
autorun.inf [[autorun] | ICON=AUTORUN\WDLOGO.ICO | ] -> I:\autorun.inf [ FAT32 ] ->  [Ver =  | Size = 36 bytes | Modified Date = 11/15/2005 11:08:04 AM | Attr =  H ]
< HOSTS File > (255786 bytes) -> C:\Windows\System32\drivers\etc\Hosts -> 
::1			 localhost -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ig -> 
HKEY_CURRENT_USER\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{0A94B116-4504-4e26-AB05-E61E474AA38B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL [] -> Ask.com [Ver = 1, 1, 0, 1 | Size = 61440 bytes | Modified Date = 6/24/2007 12:26:12 AM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4685 domain(s) found. -> 
40 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4688 domain(s) found. -> 
west.com .[https] -> Trusted sites -> 
workathomeagent.com .[https] -> Trusted sites -> 
workathomeagent.net .[https] -> Trusted sites -> 
40 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 79 range(s) found. -> 
GD [:Range = 127.0.0.1] -> http = Local intranet |  -> 
Range1 [:Range = 127.0.0.1] -> http = Local intranet |  -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{00C6482D-C502-44C8-8409-FCE54AD9C208} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItBHO.dll [SnagIt Toolbar Loader] -> TechSmith Corporation [Ver = 8.2.2.225 | Size = 63048 bytes | Modified Date = 2/16/2007 6:41:04 PM | Attr =	]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 11, 29, 1 | Size = 436288 bytes | Modified Date = 11/29/2006 8:35:00 PM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr =	]
{0A94B111-4504-4e26-AB05-E61E474AA38B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:52 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 2:11:33 AM | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 10/1/2007 12:11:49 PM | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 615, 5858 | Size = 654832 bytes | Modified Date = 8/19/2007 8:06:23 PM | Attr =	]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/23/2006 12:20:26 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 10/1/2007 12:11:49 PM | Attr = R  ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/23/2006 12:20:26 AM | Attr =	]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItIEAddin.dll [SnagIt] -> TechSmith Corporation [Ver = 8.2.2.225 | Size = 161352 bytes | Modified Date = 2/16/2007 6:41:04 PM | Attr =	]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 11, 29, 1 | Size = 436288 bytes | Modified Date = 11/29/2006 8:35:00 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 10/1/2007 12:11:49 PM | Attr = R  ]
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/23/2006 12:20:26 AM | Attr =	]
WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{F4D76F09-7896-458A-890F-E1F05C46069F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskPBar\bar\1.bin\ASKPBAR.DLL [Ask Toolbar] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 2:11:33 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:52 PM | Attr =	]
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype] -> Skype Technologies S.A. [Ver = 2, 2, 0, 117 | Size = 1306624 bytes | Modified Date = 9/24/2007 1:11:50 PM | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/23/2006 12:20:26 AM | Attr =	]
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/23/2006 12:20:26 AM | Attr =	]
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/23/2006 12:20:26 AM | Attr =	]
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/23/2006 12:20:26 AM | Attr =	]
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/23/2006 12:20:26 AM | Attr =	]
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/23/2006 12:20:26 AM | Attr =	]
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/23/2006 12:20:26 AM | Attr =	]
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/23/2006 12:20:26 AM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{5D397078-D39D-4699-93C7-15D8C45D702E} ->	(Intel(R) PRO/Wireless 3945ABG Network Connection) -> 
{5F65C9C6-74BA-41CE-927B-79616BFA11A0} ->	(Intel(R) PRO/100 VE Network Connection) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
ldap -> 4 = Restricted sites (Not a Default Protocol) -> 
news -> 4 = Restricted sites (Not a Default Protocol) -> 
nntp -> 4 = Restricted sites (Not a Default Protocol) -> 
oecmd -> 4 = Restricted sites (Not a Default Protocol) -> 
snews -> 4 = Restricted sites (Not a Default Protocol) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 9/24/2007 1:11:50 PM | Attr =	]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{215B8138-A3CF-44C5-803F-8226143CFC0A}[HKEY_LOCAL_MACHINE] -> http://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab[Trend Micro ActiveX Scan Agent 6.6] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{4C39376E-FA9D-4349-BACC-D305C1750EF3}[HKEY_LOCAL_MACHINE] -> http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab[EPUImageControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/EPUWALcontrol.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/EPUWALcontrol.dll\\.Owner -> {4C39376E-FA9D-4349-BACC-D305C1750EF3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/EPUWALcontrol.dll\\{4C39376E-FA9D-4349-BACC-D305C1750EF3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 



[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 8/1/2008 3:37:29 PM | Attr =	]
1 C:\*.tmp files -> C:\*.tmp -> 
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 7/29/2008 4:08:16 PM | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Created Date = 8/1/2008 11:47:36 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2137055232 bytes | Created Date = 7/29/2008 12:13:59 PM | Attr =  HS]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 7/5/2008 4:35:39 PM | Attr =  H ]
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 7/20/2008 10:21:44 PM | Attr =  H ]
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 7/27/2008 11:37:52 AM | Attr =  H ]
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 7/5/2008 4:35:39 PM | Attr =  H ]
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 7/20/2008 10:21:44 PM | Attr =  H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 7/27/2008 11:37:52 AM | Attr =  H ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 7/31/2008 10:35:18 AM | Attr =	]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 7/31/2008 10:35:16 AM | Attr =	]
pavboot.sys -> %SystemRoot%\System32\drivers\pavboot.sys -> Panda Security, S.L. [Ver = 1.0.10.0  | Size = 28544 bytes | Created Date = 7/28/2008 11:19:12 PM | Attr =	]
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 138384 bytes | Created Date = 7/29/2008 11:28:18 AM | Attr =	]
usbaapl.sys -> %SystemRoot%\System32\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 29, 0, 0 | Size = 32000 bytes | Created Date = 7/10/2008 9:35:22 AM | Attr =	]
HouseCall 6.6 -> %SystemRoot%\System32\HouseCall 6.6 ->  [Folder | Created Date = 7/29/2008 11:17:00 AM | Attr =	]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 7/29/2008 4:08:55 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Avg8 -> %AllUsersProfile%\Avg8 ->  [Folder | Created Date = 7/31/2008 10:26:06 AM | Attr =	]
ESTsoft -> %AllUsersProfile%\ESTsoft ->  [Folder | Created Date = 8/1/2008 3:26:39 PM | Attr =	]
Malwarebytes -> %AllUsersProfile%\Malwarebytes ->  [Folder | Created Date = 7/31/2008 10:35:15 AM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Spybot - Search & Destroy ->  [Folder | Created Date = 7/28/2008 9:45:30 PM | Attr =	]
ESTsoft -> %AppData%\ESTsoft ->  [Folder | Created Date = 8/1/2008 3:30:15 PM | Attr =	]
HouseCall 6.6 -> %AppData%\HouseCall 6.6 ->  [Folder | Created Date = 7/29/2008 11:17:08 AM | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Created Date = 7/31/2008 10:35:22 AM | Attr =	]
U3 -> %AppData%\U3 ->  [Folder | Created Date = 8/1/2008 10:03:18 AM | Attr =	]
Adobe -> %UserProfile%\AppData\Local\Adobe ->  [Folder | Created Date = 8/1/2008 3:38:21 PM | Attr =	]
Apple -> %UserProfile%\AppData\Local\Apple ->  [Folder | Created Date = 8/2/2008 7:56:13 AM | Attr =	]
Apple Computer -> %UserProfile%\AppData\Local\Apple Computer ->  [Folder | Created Date = 8/1/2008 3:38:08 PM | Attr =	]
IconCache.db -> %UserProfile%\AppData\Local\IconCache.db ->  [Ver =  | Size = 3279526 bytes | Created Date = 7/31/2008 10:26:02 AM | Attr =  H ]
Adobe Reader 8.lnk -> %SystemDrive%\Users\Public\Desktop\Adobe Reader 8.lnk ->  [Ver =  | Size = 1887 bytes | Created Date = 7/28/2008 10:47:18 PM | Attr =	]
ALZip.lnk -> %SystemDrive%\Users\Public\Desktop\ALZip.lnk ->  [Ver =  | Size = 842 bytes | Created Date = 8/1/2008 3:26:18 PM | Attr =	]
iTunes.lnk -> %SystemDrive%\Users\Public\Desktop\iTunes.lnk ->  [Ver =  | Size = 2231 bytes | Created Date = 7/20/2008 11:18:33 PM | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %SystemDrive%\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 818 bytes | Created Date = 7/31/2008 10:35:18 AM | Attr =	]
QuickTime Player.lnk -> %SystemDrive%\Users\Public\Desktop\QuickTime Player.lnk ->  [Ver =  | Size = 1726 bytes | Created Date = 7/20/2008 11:14:41 PM | Attr =	]
activescan2_en.exe -> %UserProfile%\Desktop\activescan2_en.exe ->  [Ver =  | Size = 175648 bytes | Created Date = 7/28/2008 11:17:53 PM | Attr =	]
ALZip.exe -> %UserProfile%\Desktop\ALZip.exe -> ESTsoft Crop.												[Ver = 6.7				  | Size = 5754977 bytes | Created Date = 8/1/2008 3:24:06 PM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 8/1/2008 10:04:20 AM | Attr =	]
avenger.exe -> %UserProfile%\Desktop\avenger.exe ->  [Ver =  | Size = 731136 bytes | Created Date = 8/1/2008 3:33:30 PM | Attr =	]
avg_free_stf_en_8_138a1332.exe -> %UserProfile%\Desktop\avg_free_stf_en_8_138a1332.exe -> AVG Technologies [Ver = 8, 0, 0, 1 | Size = 48367896 bytes | Created Date = 7/28/2008 4:06:21 PM | Attr =	]
dss.exe -> %UserProfile%\Desktop\dss.exe ->  [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 7/29/2008 4:06:57 PM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 956 bytes | Created Date = 7/31/2008 10:48:41 AM | Attr =	]
housecall66.exe -> %UserProfile%\Desktop\housecall66.exe ->  [Ver =  | Size = 62480 bytes | Created Date = 7/29/2008 11:09:37 AM | Attr =	]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes Corporation									 [Ver = 1.24				 | Size = 1885120 bytes | Created Date = 7/31/2008 10:34:09 AM | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 8/1/2008 12:25:39 PM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 568477 bytes | Created Date = 8/1/2008 12:24:32 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 1055 bytes | Created Date = 7/28/2008 9:45:47 PM | Attr =	]
spybotsd160.exe -> %UserProfile%\Desktop\spybotsd160.exe -> Safer Networking Limited									 [Ver = 1.6.0				| Size = 15083520 bytes | Created Date = 7/28/2008 9:43:09 PM | Attr =	]
AVG -> %ProgramFiles%\AVG ->  [Folder | Created Date = 7/28/2008 4:18:26 PM | Attr =	]
Bonjour -> %ProgramFiles%\Bonjour ->  [Folder | Created Date = 7/20/2008 11:15:43 PM | Attr =	]
ESTsoft -> %ProgramFiles%\ESTsoft ->  [Folder | Created Date = 8/1/2008 3:26:13 PM | Attr =	]
iPod -> %ProgramFiles%\iPod ->  [Folder | Created Date = 7/20/2008 11:18:03 PM | Attr =	]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware ->  [Folder | Created Date = 7/31/2008 10:35:14 AM | Attr =	]
Panda Security -> %ProgramFiles%\Panda Security ->  [Folder | Created Date = 7/28/2008 11:18:22 PM | Attr =	]
QuickTime -> %ProgramFiles%\QuickTime ->  [Folder | Created Date = 7/20/2008 11:13:48 PM | Attr =	]
Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy ->  [Folder | Created Date = 7/28/2008 9:45:30 PM | Attr =	]
Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 7/31/2008 10:48:40 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 8/1/2008 3:38:00 PM | Attr =	]
1 C:\*.tmp files -> C:\*.tmp -> 
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 7/29/2008 4:08:16 PM | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Modified Date = 8/1/2008 11:47:36 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2137055232 bytes | Modified Date = 8/1/2008 3:48:58 PM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 8/1/2008 3:37:29 PM | Attr = R  ]
ProgramData -> %AllUsersProfile% ->  [Folder | Modified Date = 8/1/2008 3:37:29 PM | Attr =  H ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 7/28/2008 9:06:14 PM | Attr =  H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 7/29/2008 11:33:52 AM | Attr =  H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 7/31/2008 10:26:35 AM | Attr =  H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 8/1/2008 3:36:00 PM | Attr =  H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 8/1/2008 3:47:43 PM | Attr =  H ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 7/5/2008 4:35:39 PM | Attr =  H ]
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 7/20/2008 10:21:44 PM | Attr =  H ]
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 7/27/2008 11:37:52 AM | Attr =  H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 7/28/2008 9:06:14 PM | Attr =  H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 7/29/2008 11:33:52 AM | Attr =  H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 7/31/2008 10:26:35 AM | Attr =  H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 8/1/2008 3:36:00 PM | Attr =  H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 8/1/2008 3:47:43 PM | Attr =  H ]
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 7/5/2008 4:35:39 PM | Attr =  H ]
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 7/20/2008 10:21:44 PM | Attr =  H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 7/27/2008 11:37:52 AM | Attr =  H ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 8/2/2008 2:15:31 AM | Attr =  HS]
Windows -> %SystemRoot% ->  [Folder | Modified Date = 8/1/2008 1:13:55 PM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 7/28/2008 9:53:55 PM | Attr =	]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 255786 bytes | Modified Date = 7/28/2008 9:53:55 PM | Attr = R  ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 7/30/2008 8:07:52 PM | Attr =	]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 7/30/2008 8:07:56 PM | Attr =	]
usbaapl.sys -> %SystemRoot%\System32\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 29, 0, 0 | Size = 32000 bytes | Modified Date = 7/10/2008 9:35:22 AM | Attr =	]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 ->  [Ver =  | Size = 3072 bytes | Modified Date = 8/2/2008 12:44:36 PM | Attr =  H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 ->  [Ver =  | Size = 3072 bytes | Modified Date = 8/2/2008 12:44:36 PM | Attr =  H ]
catroot -> %SystemRoot%\System32\catroot ->  [Folder | Modified Date = 7/20/2008 11:09:36 PM | Attr =	]
catroot2 -> %SystemRoot%\System32\catroot2 ->  [Folder | Modified Date = 7/29/2008 2:42:53 PM | Attr =	]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 8/1/2008 3:37:29 PM | Attr =	]
HouseCall 6.6 -> %SystemRoot%\System32\HouseCall 6.6 ->  [Folder | Modified Date = 7/29/2008 11:17:05 AM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 104868 bytes | Modified Date = 8/2/2008 7:56:47 AM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 621552 bytes | Modified Date = 8/2/2008 7:56:48 AM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 720952 bytes | Modified Date = 8/2/2008 7:56:47 AM | Attr =	]
Tasks -> %SystemRoot%\System32\Tasks ->  [Folder | Modified Date = 7/20/2008 10:13:36 PM | Attr =	]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 7/31/2008 10:17:43 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 67584 bytes | Modified Date = 8/1/2008 11:44:35 PM | Attr =   S]
bthservsdp.dat -> %SystemRoot%\bthservsdp.dat ->  [Ver =  | Size = 12 bytes | Modified Date = 8/1/2008 3:47:49 PM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 8/2/2008 1:06:04 PM | Attr =   S]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 7/29/2008 4:08:55 PM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 8/2/2008 7:56:46 AM | Attr =	]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 8/1/2008 3:53:47 PM | Attr =  HS]
mozy.blk -> %SystemRoot%\mozy.blk ->  [Ver =  | Size = 2470 bytes | Modified Date = 8/1/2008 1:13:55 PM | Attr =	]
mozy.flt -> %SystemRoot%\mozy.flt ->  [Ver =  | Size = 706 bytes | Modified Date = 8/1/2008 1:13:55 PM | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 49 bytes | Modified Date = 7/20/2008 10:20:31 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 8/2/2008 8:22:29 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 7/20/2008 10:57:57 PM | Attr =  H ]
System32 -> %SystemRoot%\System32 ->  [Folder | Modified Date = 8/2/2008 7:56:47 AM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 8/2/2008 1:06:44 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 8/1/2008 3:49:06 PM | Attr =  H ]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys ->  [Folder | Modified Date = 8/1/2008 3:49:07 PM | Attr =	]
capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat ->  [Ver =  | Size = 8 bytes | Modified Date = 4/19/2007 2:23:33 PM | Attr =	]
C:\ProgramData\Microsoft\Network\Downloader\ -> C:\ProgramData\Microsoft\Network\Downloader ->  [Folder | Modified Date = 11/2/2006 9:04:06 AM | Attr =	]
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 6319 bytes | Modified Date = 7/28/2008 10:36:22 PM | Attr =	]
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 7/28/2008 10:36:24 PM | Attr =	]
C:\ProgramData\Microsoft\OFFICE\DATA\ -> C:\ProgramData\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 7/1/2007 11:20:40 AM | Attr =	]
opa12.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8316 bytes | Modified Date = 8/19/2007 10:35:59 PM | Attr =	]
C:\ProgramData\Microsoft\RAC\PublishedData\ -> C:\ProgramData\Microsoft\RAC\PublishedData ->  [Folder | Modified Date = 6/24/2007 12:03:47 AM | Attr =	]
PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT ->  [Ver =  | Size = 14628 bytes | Modified Date = 8/2/2008 12:45:00 AM | Attr =	]
PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT ->  [Ver =  | Size = 0 bytes | Modified Date = 8/2/2008 12:45:01 AM | Attr =	]
PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT ->  [Ver =  | Size = 0 bytes | Modified Date = 8/2/2008 12:45:00 AM | Attr =	]
PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT ->  [Ver =  | Size = 8760 bytes | Modified Date = 8/2/2008 12:45:00 AM | Attr =	]
PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT ->  [Ver =  | Size = 1932 bytes | Modified Date = 8/2/2008 12:45:01 AM | Attr =	]
PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT ->  [Ver =  | Size = 116156 bytes | Modified Date = 8/2/2008 12:45:00 AM | Attr =	]
C:\ProgramData\Microsoft\User Account Pictures\ -> C:\ProgramData\Microsoft\User Account Pictures ->  [Folder | Modified Date = 6/23/2007 3:33:41 PM | Attr =	]
Charis Simms.dat -> C:\ProgramData\Microsoft\User Account Pictures\Charis Simms.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 6/23/2007 3:33:41 PM | Attr =	]
C:\Users\Charis Simms\AppData\Local\Temp\ -> C:\Users\Charis Simms\AppData\Local\Temp ->  [Folder | Modified Date = 8/2/2008 1:06:43 PM | Attr =	]
fsgk32.exe -> C:\Users\Charis Simms\AppData\Local\Temp\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 8/1/2008 11:51:06 PM | Attr =	]
fssm32.exe -> C:\Users\Charis Simms\AppData\Local\Temp\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 8/1/2008 11:51:06 PM | Attr =	]
4 C:\Users\Charis Simms\AppData\Local\Temp\*.tmp files -> C:\Users\Charis Simms\AppData\Local\Temp\*.tmp -> 
C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 8/1/2008 11:52:03 PM | Attr =	]
fsgk32.exe -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 8/1/2008 11:51:06 PM | Attr =	]
fssm32.exe -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 8/1/2008 11:51:06 PM | Attr =	]
C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 8/1/2008 11:51:07 PM | Attr =	]
fsgk32.exe -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 8/1/2008 11:51:06 PM | Attr =	]
fssm32.exe -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 8/1/2008 11:51:06 PM | Attr =	]
C:\Users\Charis Simms\AppData\Local\Temp\ -> C:\Users\Charis Simms\AppData\Local\Temp ->  [Folder | Modified Date = 8/2/2008 1:06:43 PM | Attr =	]
daas_s.dll -> C:\Users\Charis Simms\AppData\Local\Temp\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 8/1/2008 11:51:52 PM | Attr =	]
fm4av.dll -> C:\Users\Charis Simms\AppData\Local\Temp\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 8/1/2008 11:51:06 PM | Attr =	]
4 C:\Users\Charis Simms\AppData\Local\Temp\*.tmp files -> C:\Users\Charis Simms\AppData\Local\Temp\*.tmp -> 
C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 8/1/2008 11:52:03 PM | Attr =	]
AVPFPI0.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 8/1/2008 11:51:06 PM | Attr =	]
avpproxy.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 8/1/2008 11:51:06 PM | Attr =	]
daas_s.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 2/27/2008 3:59:28 PM | Attr =	]
fm4av.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 8/1/2008 11:51:06 PM | Attr =	]
fpinor.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 8/1/2008 11:51:06 PM | Attr =	]
fsbl.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 8/1/2008 11:51:06 PM | Attr =	]
fsblu.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 8/1/2008 11:50:33 PM | Attr =	]
fsecr32.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 8/1/2008 11:50:53 PM | Attr =	]
fsgkiapi.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 8/1/2008 11:51:06 PM | Attr =	]
fsmart.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 8/1/2008 11:50:59 PM | Attr =	]
fspe32.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
fssubmit.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 8/1/2008 11:50:42 PM | Attr =	]
fsup32.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
fsupcx32.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
fsupfg32.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
fsupmw32.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
fsupnp32.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
fsupux32.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
fsupwu32.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
fsusscr.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14271 | Size = 888832 bytes | Modified Date = 8/1/2008 11:50:59 PM | Attr =	]
Nse_w32.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 8/1/2008 11:50:39 PM | Attr =	]
C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 8/1/2008 11:51:07 PM | Attr =	]
AVPFPI0.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 8/1/2008 11:51:06 PM | Attr =	]
avpproxy.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 8/1/2008 11:51:06 PM | Attr =	]
fm4av.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 8/1/2008 11:51:06 PM | Attr =	]
fpinor.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 8/1/2008 11:51:06 PM | Attr =	]
fsbl.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 8/1/2008 11:51:06 PM | Attr =	]
fsgkiapi.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 8/1/2008 11:51:06 PM | Attr =	]
C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\hydrawin\ -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 8/1/2008 11:50:55 PM | Attr =	]
fsecr32.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 8/1/2008 11:50:53 PM | Attr =	]
fspe32.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
fsup32.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
fsupcx32.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
fsupfg32.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
fsupmw32.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
fsupnp32.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
fsupux32.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
fsupwu32.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\mlcwin\ -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 8/1/2008 11:50:59 PM | Attr =	]
fsmart.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 8/1/2008 11:50:59 PM | Attr =	]
fsusscr.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14271 | Size = 888832 bytes | Modified Date = 8/1/2008 11:50:59 PM | Attr =	]
C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 8/1/2008 11:50:39 PM | Attr =	]
Nse_w32.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> Norman ASA [Ver = 5,92,06 | Size = 588856 bytes | Modified Date = 8/1/2008 11:50:39 PM | Attr =	]
C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 8/1/2008 11:50:42 PM | Attr =	]
fssubmit.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 8/1/2008 11:50:42 PM | Attr =	]
C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\ols_bl\ -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 8/1/2008 11:50:33 PM | Attr =	]
fsblu.dll -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 68 | Size = 544768 bytes | Modified Date = 8/1/2008 11:50:33 PM | Attr =	]
C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 8/1/2008 11:52:03 PM | Attr =	]
ext.dat -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 8/1/2008 11:50:31 PM | Attr =	]
fsedb.dat -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsedb.dat ->  [Ver =  | Size = 1102770 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
fsupdllb.dat -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
fsupplgn.dat -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
fsuptmpl.dat -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
perf.dat -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\perf.dat ->  [Ver =  | Size = 128 bytes | Modified Date = 8/1/2008 11:52:26 PM | Attr =	]
sae.dat -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 8/1/2008 11:50:31 PM | Attr =	]
sai.dat -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 8/1/2008 11:50:31 PM | Attr =	]
C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\avmisc\ -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 8/1/2008 11:50:31 PM | Attr =	]
ext.dat -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\avmisc\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 8/1/2008 11:50:31 PM | Attr =	]
sae.dat -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\avmisc\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 8/1/2008 11:50:31 PM | Attr =	]
sai.dat -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\avmisc\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 8/1/2008 11:50:31 PM | Attr =	]
C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\hydrawin\ -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 8/1/2008 11:50:55 PM | Attr =	]
fsedb.dat -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsedb.dat ->  [Ver =  | Size = 1102770 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
fsupdllb.dat -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
fsupplgn.dat -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
fsuptmpl.dat -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 8/1/2008 11:50:54 PM | Attr =	]
C:\Users\Charis Simms\AppData\Local\Temp\ -> C:\Users\Charis Simms\AppData\Local\Temp ->  [Folder | Modified Date = 8/2/2008 1:06:43 PM | Attr =	]
RunTime.ini -> C:\Users\Charis Simms\AppData\Local\Temp\RunTime.ini ->  [Ver =  | Size = 496 bytes | Modified Date = 8/1/2008 3:52:06 PM | Attr =	]
4 C:\Users\Charis Simms\AppData\Local\Temp\*.tmp files -> C:\Users\Charis Simms\AppData\Local\Temp\*.tmp -> 
C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\ -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 8/1/2008 11:52:03 PM | Attr =	]
FS@av.ini -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 8/1/2008 11:50:31 PM | Attr =	]
FS@avpe.ini -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 8/1/2008 11:50:21 PM | Attr =	]
FS@bleng.ini -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 8/1/2008 11:50:32 PM | Attr =	]
FS@corp.ini -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 8/1/2008 11:51:06 PM | Attr =	]
FS@hydra.ini -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 8/1/2008 11:50:53 PM | Attr =	]
FS@mlc.ini -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 8/1/2008 11:50:59 PM | Attr =	]
FS@ols.ini -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 8/1/2008 11:50:42 PM | Attr =	]
FS@peg.ini -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 8/1/2008 11:50:38 PM | Attr =	]
verdicts.ini -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\Anti-Virus\verdicts.ini ->  [Ver =  | Size = 4181 bytes | Modified Date = 8/1/2008 11:50:24 PM | Attr =	]
C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\avmisc\ -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 8/1/2008 11:50:31 PM | Attr =	]
FS@av.ini -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\avmisc\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 8/1/2008 11:50:31 PM | Attr =	]
C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\avpe\ -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\avpe ->  [Folder | Modified Date = 8/1/2008 11:50:30 PM | Attr =	]
FS@avpe.ini -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\avpe\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 8/1/2008 11:50:21 PM | Attr =	]
verdicts.ini -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\avpe\verdicts.ini ->  [Ver =  | Size = 4181 bytes | Modified Date = 8/1/2008 11:50:24 PM | Attr =	]
C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\ -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 8/1/2008 11:51:07 PM | Attr =	]
FS@corp.ini -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\fsav_beta\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 8/1/2008 11:51:06 PM | Attr =	]
C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\hydrawin\ -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 8/1/2008 11:50:55 PM | Attr =	]
FS@hydra.ini -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\hydrawin\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 8/1/2008 11:50:53 PM | Attr =	]
C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\mlcwin\ -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 8/1/2008 11:50:59 PM | Attr =	]
FS@mlc.ini -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\mlcwin\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 8/1/2008 11:50:59 PM | Attr =	]
C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 8/1/2008 11:50:39 PM | Attr =	]
FS@peg.ini -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\ols_30_pegdb\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 8/1/2008 11:50:38 PM | Attr =	]
C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\ -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 8/1/2008 11:50:42 PM | Attr =	]
FS@ols.ini -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\ols_33_bin\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 8/1/2008 11:50:42 PM | Attr =	]
C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\ols_bl\ -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 8/1/2008 11:50:33 PM | Attr =	]
FS@bleng.ini -> C:\Users\Charis Simms\AppData\Local\Temp\OnlineScanner\updates\ols_bl\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 8/1/2008 11:50:32 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersProfile%\Adobe ->  [Folder | Modified Date = 7/28/2008 10:46:29 PM | Attr =	]
Avg8 -> %AllUsersProfile%\Avg8 ->  [Folder | Modified Date = 7/31/2008 10:26:06 AM | Attr =	]
ESTsoft -> %AllUsersProfile%\ESTsoft ->  [Folder | Modified Date = 8/1/2008 3:26:39 PM | Attr =	]
Google Updater -> %AllUsersProfile%\Google Updater ->  [Folder | Modified Date = 8/1/2008 3:57:33 PM | Attr =	]
Malwarebytes -> %AllUsersProfile%\Malwarebytes ->  [Folder | Modified Date = 7/31/2008 10:35:15 AM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Spybot - Search & Destroy ->  [Folder | Modified Date = 7/28/2008 10:43:02 PM | Attr =	]
Symantec -> %AllUsersProfile%\Symantec ->  [Folder | Modified Date = 7/31/2008 10:28:29 AM | Attr =	]
ESTsoft -> %AppData%\ESTsoft ->  [Folder | Modified Date = 8/1/2008 3:30:15 PM | Attr =	]
HouseCall 6.6 -> %AppData%\HouseCall 6.6 ->  [Folder | Modified Date = 7/29/2008 11:29:55 AM | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Modified Date = 7/31/2008 10:35:22 AM | Attr =	]
U3 -> %AppData%\U3 ->  [Folder | Modified Date = 8/1/2008 12:28:07 PM | Attr =	]
uTorrent -> %AppData%\uTorrent ->  [Folder | Modified Date = 7/27/2008 11:36:42 AM | Attr =	]
Adobe -> %UserProfile%\AppData\Local\Adobe ->  [Folder | Modified Date = 8/1/2008 3:40:57 PM | Attr =	]
Apple -> %UserProfile%\AppData\Local\Apple ->  [Folder | Modified Date = 8/2/2008 7:56:13 AM | Attr =	]
Apple Computer -> %UserProfile%\AppData\Local\Apple Computer ->  [Folder | Modified Date = 8/2/2008 7:55:45 AM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 51712 bytes | Modified Date = 7/19/2008 11:36:58 AM | Attr =	]
IconCache.db -> %UserProfile%\AppData\Local\IconCache.db ->  [Ver =  | Size = 3279526 bytes | Modified Date = 8/1/2008 3:47:43 PM | Attr =  H ]
Temp -> %UserProfile%\AppData\Local\Temp ->  [Folder | Modified Date = 8/2/2008 1:06:43 PM | Attr =	]
hpqp.ini -> %SystemDrive%\Users\Public\Documents\hpqp.ini ->  [Ver =  | Size = 149 bytes | Modified Date = 8/1/2008 3:51:06 PM | Attr =	]
Downloads -> %UserProfile%\Documents\Downloads ->  [Folder | Modified Date = 7/31/2008 11:57:01 AM | Attr =	]
Rental - 582 Garage -> %UserProfile%\Documents\Rental - 582 Garage ->  [Folder | Modified Date = 7/6/2008 4:18:07 PM | Attr =	]
Adobe Acrobat 8 Professional.lnk -> %SystemDrive%\Users\Public\Desktop\Adobe Acrobat 8 Professional.lnk ->  [Ver =  | Size = 1894 bytes | Modified Date = 8/1/2008 3:53:16 PM | Attr =	]
Adobe Reader 8.lnk -> %SystemDrive%\Users\Public\Desktop\Adobe Reader 8.lnk ->  [Ver =  | Size = 1887 bytes | Modified Date = 7/28/2008 10:47:18 PM | Attr =	]
ALZip.lnk -> %SystemDrive%\Users\Public\Desktop\ALZip.lnk ->  [Ver =  | Size = 842 bytes | Modified Date = 8/1/2008 3:26:18 PM | Attr =	]
iTunes.lnk -> %SystemDrive%\Users\Public\Desktop\iTunes.lnk ->  [Ver =  | Size = 2231 bytes | Modified Date = 8/2/2008 7:55:25 AM | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %SystemDrive%\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 818 bytes | Modified Date = 7/31/2008 10:35:18 AM | Attr =	]
QuickTime Player.lnk -> %SystemDrive%\Users\Public\Desktop\QuickTime Player.lnk ->  [Ver =  | Size = 1726 bytes | Modified Date = 7/20/2008 11:14:41 PM | Attr =	]
Safari.lnk -> %SystemDrive%\Users\Public\Desktop\Safari.lnk ->  [Ver =  | Size = 1854 bytes | Modified Date = 7/20/2008 10:20:23 PM | Attr =	]
activescan2_en.exe -> %UserProfile%\Desktop\activescan2_en.exe ->  [Ver =  | Size = 175648 bytes | Modified Date = 7/28/2008 11:17:48 PM | Attr =	]
ALZip.exe -> %UserProfile%\Desktop\ALZip.exe -> ESTsoft Crop.												[Ver = 6.7				  | Size = 5754977 bytes | Modified Date = 8/1/2008 3:24:39 PM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 8/1/2008 9:32:28 AM | Attr =	]
avg_free_stf_en_8_138a1332.exe -> %UserProfile%\Desktop\avg_free_stf_en_8_138a1332.exe -> AVG Technologies [Ver = 8, 0, 0, 1 | Size = 48367896 bytes | Modified Date = 7/28/2008 4:10:30 PM | Attr =	]
dss.exe -> %UserProfile%\Desktop\dss.exe ->  [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 7/29/2008 4:06:47 PM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 956 bytes | Modified Date = 7/31/2008 10:48:41 AM | Attr =	]
housecall66.exe -> %UserProfile%\Desktop\housecall66.exe ->  [Ver =  | Size = 62480 bytes | Modified Date = 7/29/2008 11:09:46 AM | Attr =	]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes Corporation									 [Ver = 1.24				 | Size = 1885120 bytes | Modified Date = 7/31/2008 10:34:23 AM | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Modified Date = 8/1/2008 3:46:04 PM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 568477 bytes | Modified Date = 8/1/2008 12:25:36 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 1055 bytes | Modified Date = 7/28/2008 9:45:47 PM | Attr =	]
spybotsd160.exe -> %UserProfile%\Desktop\spybotsd160.exe -> Safer Networking Limited									 [Ver = 1.6.0				| Size = 15083520 bytes | Modified Date = 7/28/2008 9:44:05 PM | Attr =	]
Trillian.lnk -> %UserProfile%\Desktop\Trillian.lnk ->  [Ver =  | Size = 1744 bytes | Modified Date = 7/26/2008 10:49:29 AM | Attr =	]
Adobe Acrobat Speed Launcher.lnk -> %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk ->  [Ver =  | Size = 2473 bytes | Modified Date = 8/1/2008 3:53:47 PM | Attr =	]
Adobe Acrobat Synchronizer.lnk -> %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk ->  [Ver =  | Size = 1964 bytes | Modified Date = 8/1/2008 3:53:16 PM | Attr =	]
Program Neighborhood Agent.lnk -> %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk ->  [Ver =  | Size = 2521 bytes | Modified Date = 8/1/2008 3:54:07 PM | Attr =	]
Vongo Tray.lnk -> %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup\Vongo Tray.lnk ->  [Ver =  | Size = 2349 bytes | Modified Date = 8/1/2008 3:54:09 PM | Attr =	]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared ->  [Folder | Modified Date = 7/31/2008 10:23:02 AM | Attr =	]

< End of report >


#11 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:01 AM

Posted 02 August 2008 - 01:29 PM

Hi CharisNS,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u7-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.



That OTscanIt log looks fine. :thumbsup:

If there aren't any other issues then go ahead and run the system normally for a day and then get back with me and let me know if there are any continuing issues.

If everything is Ok at that time, then we have some final cleanup to do and you'll be good to go.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#12 CharisNS

CharisNS
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 03 August 2008 - 12:16 PM

Sweet! Thanks! I'll get back to you in a day or two then!!!

:thumbsup:

#13 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:01 AM

Posted 03 August 2008 - 01:26 PM

Sounds good. I'll be here. :thumbsup:
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#14 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:01 AM

Posted 13 August 2008 - 03:14 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users