
Malware Infection


  • This topic is locked
7 replies to this topic

#1 themistocles


Posted 13 August 2008 - 07:29 AM

Hit with something that redirects explorer searches, can't update virus scan. Now all of my network connections have been deleted. Can't access the internet at all. Had to download the Deckard scanner from another computer. When I first noticed problems I ran Norton and found Trojan Byte Verify and Zlob!gen.3.

Log of Norton attached at the end.

Deckard's System Scanner v20071014.68
Run by Wall on 2008-08-12 19:30:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; unknown error code 0x0000001F


-- Last 5 Restore Point(s) --
21: 2008-08-09 00:09:50 UTC - RP1193 - System Checkpoint
20: 2008-08-07 00:19:12 UTC - RP1192 - System Checkpoint
19: 2008-08-06 00:14:48 UTC - RP1191 - System Checkpoint
18: 2008-08-01 22:34:35 UTC - RP1190 - Installed Java™ 6 Update 7
17: 2008-07-31 04:37:31 UTC - RP1189 - System Checkpoint


-- First Restore Point --
1: 2008-06-24 00:03:32 UTC - RP1173 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 83% (more than 75%).
Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-12 19:33:18
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ico.exe
C:\Program Files\Sony\HotKey Utility\HKServ.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\WDC\CR\SetIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\SpywareBot\SpywareBot.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DLink\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Microsoft Office\Office10\MSOFFICE.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\DLink\Bluetooth Software\bin\btwdins.exe
D:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Dantz\Retrospect\wdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\system32\MSGSYS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Wall\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [AV-Update] C:\Program Files\NavNT\vpdn_lu.exe /s
O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\CR\SetIcon.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ymetray] "D:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareBot] D:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\DLink\Bluetooth Software\BTTray.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: Rocket.Time.lnk = C:\Program Files\Rocket Software\RocketTime\RocketTime.exe
O4 - Global Startup: ymetray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\DLink\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/voxacm.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/7.../OGAControl.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122142941041
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral4.sel.sony.com/sdccom...oad/sonyctl.CAB
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\DLink\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\wdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe


--
End of file - 12326 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>
R2 fxfdiufazlf.sys - c:\windows\system32\drivers\fxfdiufazlf.sys

S3 ATWPKT2 - c:\program files\america online 8.0\atwpkt2.sys (file missing)
S3 inibtmgr (WD Bridge Controller Driver) - c:\windows\system32\drivers\inibtmgr.sys <Not Verified; Western Digital; WD 1394 Device Button Manager Driver>
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mrempr5.sys (file missing)
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mrendis5.sys (file missing)
S3 SMCLN (SMC EZ Connect Turbo WLAN Adapter) - c:\windows\system32\drivers\smcwlan.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RetroLauncher (Retrospect Launcher) - c:\program files\dantz\retrospect\retrorun.exe <Not Verified; Dantz Development Corporation; Retrospect>
R2 RetroWDSvc (Retrospect WD Service) - c:\progra~1\dantz\retros~1\wdsvc.exe <Not Verified; Dantz Development Corporation; Retrospect>
R2 VAIOMediaPlatform-PhotoServer-AppServer (VAIO Media Photo Server (Application)) - c:\program files\sony\photo server 20\appsrv\picappsrv.exe <Not Verified; ; Photo Application Server>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-12 19:27:47 490 --a------ C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
2003-08-07 08:29:49 258 --a------ C:\WINDOWS\Tasks\Registration reminder 2.job


-- Files created between 2008-07-12 and 2008-08-12 -----------------------------

2008-08-12 06:36:40 80384 --a------ C:\WINDOWS\system32\drivers\fxfdiufazlf.sys
2008-08-11 22:10:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\SpywareBot
2008-08-11 06:20:43 0 d-------- C:\Program Files\Windows Live Safety Center


-- Find3M Report ---------------------------------------------------------------

2008-08-12 06:36:55 471 --a------ C:\Documents and Settings\Wall\Application Data\UpdateStore.xml
2008-08-12 06:36:55 376 --a------ C:\Documents and Settings\Wall\Application Data\SoftwarePackageStore.xml
2008-08-12 06:36:55 518 --a------ C:\Documents and Settings\Wall\Application Data\EventStore.xml
2008-08-12 06:36:55 376 --a------ C:\Documents and Settings\Wall\Application Data\ConfigurationStore.xml
2008-08-12 06:36:55 475 --a------ C:\Documents and Settings\Wall\Application Data\CampaignStore.xml
2008-08-11 18:56:31 0 d-------- C:\Documents and Settings\Wall\Application Data\SpywareBot
2008-08-10 20:48:27 0 d-------- C:\Program Files\Windows NT
2008-08-10 18:58:34 0 d-------- C:\Program Files\Google
2008-08-02 17:07:26 0 d-------- C:\Program Files\LIVEUPDATE
2008-08-01 18:38:38 0 d-------- C:\Program Files\Java
2008-07-13 06:59:39 0 d-------- C:\Program Files\palmOne


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
Quicken Startup.lnk - C:\Program Files\Quicken\QWDLLS.EXE [9/20/2002 4:20:06 PM]
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer

Written by Bobbi Flekman 2006 ©
GeneralFlags REG_DWORD 1 (0x1)
RestoredStateInfo REG_BINARY 180000006a02000023000000a40000009a00000001000000

REGEDIT4
"DefaultDomainName"="GLOBOGALACTIC"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions]
"NoGPOListChanges"=dword:00000001
2c,41,70,70,6c,69,63,61,74,69,6f,6e,29,00,00
"ProcessGroupPolicy"="ProcessGroupPolicy"
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001
00
"MaxNoGPOListChangesInterval"=dword:000003c0
00
"RequiresSuccessfulRegistry"=dword:00000001
74,61,6c,6c,65,72,2c,41,70,70,6c,69,63,61,74,69,6f,6e,29,00,00
"NoGPOListChanges"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify]
"Logoff"="ChainWlxLogoffEvent"
"Logoff"="CryptnetWlxLogoffEvent"
"Asynchronous"=dword:00000001
"StartShell"="NavStartShellEvent"
"Asynchronous"=dword:00000001
"Logoff"="SchedEventLogOff"
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00
"Asynchronous"=dword:00000001
"Disconnect"="TSEventDisconnect"
"Event"=dword:00000003
90,14,00,00,00,1b,79,ee,08,63,d3,10,24,e5,93,cf,90,e5,22,0c,b5,4d,0c,7b,45
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SCLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SpecialAccounts]
"VUSR_"=dword:00010000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Credentials]
!d;s/.*t//;s/
[hkey.*/n
Asynchronous REG_DWORD 0 (0x0)
!d;s/.*t//;s/
[hkey.*/n
Asynchronous REG_DWORD 0 (0x0)
!d;s/.*t//;s/
[hkey.*/n
DLLName REG_SZ cscdll.dll
!d;s/.*t//;s/
[hkey.*/n
DllName REG_SZ C:\WINDOWS\System32\NavLogon.dll
!d;s/.*t//;s/
[hkey.*/n
DLLName REG_SZ wlnotify.dll
!d;s/.*t//;s/
[hkey.*/n
Asynchronous REG_DWORD 0 (0x0)
!d;s/.*t//;s/
[hkey.*/n
Logoff REG_SZ WLEventLogoff
!d;s/.*t//;s/
[hkey.*/n
DLLName REG_SZ WlNotify.dll
!d;s/.*t//;s/
[hkey.*/n
Asynchronous REG_DWORD 0 (0x0)
!d;s/.*t//;s/
[hkey.*/n
Logon REG_SZ WLEventLogon
!d;s/.*t//;s/
[hkey.*/n
DLLName REG_SZ wlnotify.dll

Written by Bobbi Flekman 2006 ©
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
ApplicationGoo REG_BINARY 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
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
DisableHeapLookAside REG_SZ 1
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
ApplicationGoo REG_BINARY 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
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
ApplicationGoo REG_BINARY 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
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
ApplicationGoo REG_BINARY 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
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
GlobalFlag REG_SZ 0x00200000
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
GlobalFlag REG_SZ 0x00200000
DisableHeapLookAside REG_SZ 1
DisableHeapLookAside REG_SZ 1
ApplicationGoo REG_BINARY 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
DisableHeapLookAside REG_SZ 1
DisableHeapLookAside REG_SZ 1
CheckAppHelp REG_DWORD 1 (0x1)
ApplicationGoo REG_BINARY 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
ApplicationGoo REG_BINARY 140200001002000000020000040334000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe000001001c0008000000000000000800000000003f00000000000000040000000100000000000000000000000000000064020000010053007400720069006e006700460069006c00650049006e0066006f00000040020000010030003400300039003000340062003000000044001200010043006f006d00700061006e0079004e0061006d0065000000000043006f00720065006c00200043006f00720070006f0072006100740069006f006e0000004e0013000100460069006c0065004400650073006300720069007000740069006f006e000000000043006f00720065006c002000530065007400750070002000570069007a00610072006400000000002c0006000100460069006c006500560065007200730069006f006e000000000038002e00300032003800000046001300010049006e007400650072006e0061006c004e0061006d006500000043006f00720065006c002000530065007400750070002000570069007a00610072006400000000006c00240001004c006500670061006c0043006f007000790072006900670068007400000043006f0070007900720069006700680074002000a900200031003900390037002c00200043006f00720065006c00200043006f00720070006f0072000800000000000000
ApplicationGoo REG_BINARY 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
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
DisableHeapLookAside REG_SZ 1
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
DisableHeapLookAside REG_SZ 1
CheckAppHelp REG_DWORD 1 (0x1)
ApplicationGoo REG_BINARY 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
GlobalFlag REG_SZ 0x000010F0
ApplicationGoo REG_BINARY 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
"Notification Packages scecli

Written by Bobbi Flekman 2006 ©
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state
NextRefreshReason REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List
LoggingStatus REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List
SOM REG_SZ Local
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List
WQL-Id REG_SZ
NextRefreshReason REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343213094-4276646879-2437010768-1004\Extension-List
LoggingStatus REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343213094-4276646879-2437010768-1004\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343213094-4276646879-2437010768-1004\GPLink-List
SOM REG_SZ Local
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343213094-4276646879-2437010768-1004\GPO-List
WQL-Id REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343213094-4276646879-2437010768-1004\Loopback-GPLink-List
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343213094-4276646879-2437010768-1004\Loopback-GPO-List
NextRefreshReason REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343213094-4276646879-2437010768-500\Extension-List
LoggingStatus REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343213094-4276646879-2437010768-500\GPLink-List
SOM REG_SZ Local
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343213094-4276646879-2437010768-500\GPO-List
WQL-Id REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343213094-4276646879-2437010768-500\Loopback-GPLink-List
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343213094-4276646879-2437010768-500\Loopback-GPO-List

Written by Bobbi Flekman 2006 ©
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SaslProfiles
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\WDigest

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\File system]
@="Driver Group"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\RpcSs]
@="Service"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\vgasave.sys]
@="Driver"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

Error: Key: software\microsoft\shared tools\msconfig\startupfolder does not exist!


SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

Error: Key: software\microsoft\shared tools\msconfig\startupreg does not exist!


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs

Written by Bobbi Flekman 2006 ©
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components
7,0,5730,0
*
6,0,5730,11
6,0,5730,11
2,0,0,0
Q824145
5,0,3810,0
EN
1 (0x1)
EN
Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)
Macromedia Shockwave Director 8.5.1
11,0,5721,5145
Q867801
1 (0x1)
DirectAnimation
Macromedia Shockwave Director 8.5.1
1,1,1,7
Q837009
4,7,0,0320
Q822925
2,0,2,049
*
1,397,2406,1
6,0,2800,1106
1 (0x1)
EN
11,0,5721,5145
0400090000008603
4,71,1113,0
7,0,5730,11
6,00,01,0223
5,6,0,8513
C:\Program Files\Messenger\msmsgs.exe
5,00,2918,1900
KB870669
7,0,5730,11
C:\WINDOWS\System32\msieftp.dll
11,0,5721,5145
4,9,9,2
10,0,0,1
WAB
.NET Framework
Q831167
Microsoft .NET Framework 1.0 Service Pack 2 (KB867461)
Microsoft .NET Framework 1.0 Service Pack 1 (KB867461)
en
en
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix
EN
7,0,5730,11
EN
Q828750
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{abcdf74f-9a64-4e6e-b8eb-6e5a41de6550}
1.0.0.2
6,0,5730,11
4,71,1968,1
2,1,4026,0
EN
5,00,3807,0
6,0,5730,11
5,0,00,0
Q832894
Windows Roots Update
Q823353
Q330994
Q818529



-- End of Deckard's System Scanner: finished at 2008-08-12 19:34:41 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile Intel® Pentium® 4 - M CPU 1.80GHz
Percentage of Memory in Use: 84%
Physical Memory (total/avail): 510.98 MiB / 78.07 MiB
Pagefile Memory (total/avail): 1245.27 MiB / 840.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1908.7 MiB

C: is Fixed (NTFS) - 13.97 GiB total, 2.08 GiB free.
D: is Fixed (NTFS) - 23.29 GiB total, 4.01 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)

\\.\PHYSICALDRIVE0 - IC25N040ATCS04-0 - 37.26 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 13.97 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 23.29 GiB - D:

\\.\PHYSICALDRIVE1 - Sony MSC-U03 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"="C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe:*:Enabled:tgcmd Module"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealOne Player"
"D:\\Total War\\Medieval - Total War\\Medieval_TW.exe"="D:\\Total War\\Medieval - Total War\\Medieval_TW.exe:*:Enabled:Medieval_TW"
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"="C:\\Program Files\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"D:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"="D:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\WINDOWS\\system32\\services.exe"="C:\\WINDOWS\\system32\\services.exe:*:Enabled:enable"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Wall\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GLOBOGALACTIC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Wall
LOGONSERVER=\\GLOBOGALACTIC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Wall\LOCALS~1\Temp
TMP=C:\DOCUME~1\Wall\LOCALS~1\Temp
USERDOMAIN=GLOBOGALACTIC
USERNAME=Wall
USERPROFILE=C:\Documents and Settings\Wall
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Wall (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acoustica MP3 To Wave Converter PLUS --> D:\MEDIAC~1\ACOUST~1\UNWISE.EXE D:\MEDIAC~1\ACOUST~1\INSTALL.LOG
Ad-aware 6 Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe SVG Viewer --> C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
American Airlines TravelDesk --> "D:\Timetable\American Airlines TravelDesk\unins000.exe"
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Crystal Ball 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Crystal Ball\Uninst.isu"
D-Link Bluetooth Software --> MsiExec.exe /X{FE90E9E7-A158-4687-8853-DF677A939A61}
DeductionPro 2006 --> D:\TaxCut06\DeductionPro 2006\RemoveDPro.EXE D:\TaxCut06\DEDUCT~1\INSTALL.LOG
DeductionPro 2007 --> "C:\Program Files\InstallShield Installation Information\{8A5EBB62-ADE7-41E2-8884-1517DE3505D1}\setup.exe" -runfromtemp -l0x0009 -removeonly
Digital Media Converter 2.36 --> "D:\Media Converter\Digital Media Converter\unins000.exe"
Documents To Go --> MsiExec.exe /X{EB807EB6-5179-48B7-98D4-7B4934A57A81}
DVgate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29F61465-428A-11D4-B646-00C04F790F76}\setup.exe"
Experience VAIO --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{36FE914F-1B2B-4D83-B3E1-032A508E9EC4}\setup.exe"
FAIBL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1128C92B-EB1D-4B92-B784-44CBD8E19386}\setup.exe" -l0x9
Global Star Software --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Systems Interactive\Global Star Software\DeIsL2.isu" -cC:\PROGRA~1\SYSTEM~1\GLOBAL~1\_ISREG32.DLL
GreatFamily 2.2.2 --> "C:\Program Files\GreatFamily\2.2.2\uninstall.exe"
GSB Printers - Laserjet 4200 Driver Update --> C:\WINDOWS\unvise32.exe C:\HP4200\uninstal.log
GSB Printers Uninstall --> C:\WINDOWS\unvise32.exe C:\Program Files\GSB Printers\uninstal.log
GSIM --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\gsim.inf, Uninstall
Handmark® Monopoly® for Palm OS --> C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\Monopoly for Palm OS\uninstal.log
Handmark® Scrabble® for Palm OS --> C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\Scrabble for Palm OS\uninstal.log
Handmark® Tetris® Classic™ for PalmOne --> C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\Tetris Classic for Palm OS\uninstal.log
Help and Support --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{DD18BE6E-F0B8-41DC-A9F3-AC1ABB918587}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB910998) --> "C:\WINDOWS\$NtUninstallKB910998$\spuninst\spuninst.exe"
HotKey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\setup.exe" -l0x9
ImageStation Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28336AFC-722C-4E17-B286-2A7C906183C0}\setup.exe"
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
InterVideo WinDVD 4 --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LiveUpdate 1.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
MetaFrame Presentation Server Web Client for Win32 --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Sounds --> MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Wall\Application Data\Move Networks\ie_bin\Uninst.exe
MovieShaker 3.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4A49B00-02F8-11D5-B64D-00C04F790F76}\setup.exe"
Music Visualizer Library 1.4.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\setup.exe" -l0x9
Netscape (7.2) --> C:\WINDOWS\NSUninst.exe /ua "7.2 (en)"
Norton AntiVirus Corporate Edition --> MsiExec.exe /I{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}
oggcodecs 0.71.0946 --> C:\Program Files\illiminable\oggcodecs\uninst.exe
OpenMG Limited Patch 3.1-02-10-22-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.1-02-10-22-01\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.1-02-10-23-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.1-02-10-23-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{117C01B5-9D68-4A15-85E2-A7CDFA82CEB9}\Setup.exe" -l0x9 UNINSTALL
Palm Desktop by ACCESS --> MsiExec.exe /X{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}
Panzer General 3D --> C:\WINDOWS\IsUninst.exe -f"d:\Program Files\Ubi Soft\Panzer General 3D\Uninst.isu"
Pdf995 --> D:\TaxCut06\TaxCut06\pdf995\setup.exe uninstall
PicoPlayer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BAAFE2F-300A-46AF-BB1D-FD2F98EDD606}\Setup.exe"
PicoPlayer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C70C75F-A265-4C62-B90F-8F80AA69F262}\Setup.exe"
PicoPlayerSplashScreen --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{00609F70-5043-4C20-895A-D6EF7ACE9304}\setup.exe"
PictureGear Studio 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27C5164D-ED0E-4D64-B788-93305BD62100}\setup.exe"
Pixelfusion WMP Plugin 1.50 --> "D:\Program Files\Pixelfusion WMP Plugin\unins000.exe"
Pocket Tunes 3.0.7 --> C:\Program Files\Pocket Tunes\PocketTunesSetup.exe /u
PowerPanel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCB53CB5-E82D-4F5E-BFE2-CBB200E19BEF}\setup.exe" -l0x9
Quicken 2003 New User Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F61F2821-694C-475F-99AB-6AF2EFDF40FD} anything
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealProducer Basic 8.5 --> C:\Program Files\Real\RealProducer\rnuninst.exe RealNetworks|RealProducer|8.5
Retrospect 6.5 --> MsiExec.exe /I{73B69C5C-87D6-471E-B695-0BD736C4B644}
RocketTime --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Rocket Software\RocketTime\DeIsL1.isu" -c"C:\Program Files\Rocket Software\RocketTime\_ISREG32.DLL"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SmartFTP --> MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1}
SoftK56 Data Fax --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_2486&SUBSYS_8138104D\HXFSETUP.EXE -U -IVEN_8086&DEV_2486&SUBSYS_8138104D
SonicStage 1.5.05 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony DV Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
Sony Notebook Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{936FADC9-C609-471A-B6F2-A33E2E660D1A}\setup.exe" -l0x9
Sony on Yahoo! Essentials --> C:\Program Files\Yahoo!\unwise.exe C:\progra~1\yahoo!\install.log
Sony USB Mouse --> Pmuninst.exe MouseSuite98
Sony Utilities DLL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe" -l0x9
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
SpywareBot 1.5 --> "D:\Program Files\SpywareBot\unins000.exe"
StatPro for Excel --> C:\WINDOWS\System32\unwise32.EXE C:\PROGRA~1\MICROS~4\Office10\Library\StatPro\Install.log StatPro for Excel
Support Actions WinXP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48BE827A-2D06-4804-90C3-4F2F8460F9D4}\setup.exe"
TaxCut Deluxe 2005 --> D:\TaxCut05\Program\removetc.exe
TaxCut New York 2007 --> MsiExec.exe /X{58381EE3-A57D-448F-BC8E-FFC66987615E}
TaxCut Premium + State + Efile 2007 --> MsiExec.exe /X{CF9A795B-2E4A-42D3-A4C4-333D5BF39350}
TaxCut Premium 2006 --> D:\TaxCut06\TaxCut06\Program\removetc.exe
Timewave Calculator --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://timewave2012.com/tools/timetraveler/timewave.jnlp"
VAIO Media 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\setup.exe" -l0x9 UNINSTALL
VAIO Media Installer 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\setup.exe" -l0x9 UNINSTALL
VAIO Media Music Server 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF733005-0F40-11D6-9254-0000F460E7A9}\setup.exe" -l0x9 UNINSTALL
VAIO Media Photo Server 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E1A8479-D871-4573-AA8C-90BF0338B242}\setup.exe"
VAIO Media Platform 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF0DD6E9-F673-4466-8353-70B50A506FD9}\setup.exe"
VAIO Registration --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AA14D661-8B7A-4A8F-B093-405C160178AF}
VAIO Serenus Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{802EF464-4992-42B3-8434-45151AD3C933}\setup.exe"
VAIO Support --> "c:\program files\support.com\client\bin\tgfix.exe" /rm /nq
VAIO Survey Standalone --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
VAIO Wireless Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DF00135-D5A7-476A-BFB3-EDFF2840076A}\Setup.exe" -l0x9
WD Media Center Driver --> MsiExec.exe /I{CFA9C1EE-8D76-477E-9E26-D24C26F11F47}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Wireless LAN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8773FC58-B051-47CE-A75F-2347ECCA6CB6}\Setup.exe" -l0x9
Yahoo! Music Jukebox --> "D:\Program Files\Yahoo!\Yahoo! Music Engine\Uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type16468 / Warning
Event Submitted/Written: 08/11/2008 10:02:49 PM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP [00000003]

Event Record #/Type16467 / Warning
Event Submitted/Written: 08/11/2008 10:02:49 PM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file C:\WINDOWS\system32\wbem\Repository\FS\OBJECT~1.DAT [00000003]

Event Record #/Type16466 / Warning
Event Submitted/Written: 08/11/2008 10:02:49 PM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP [00000003]

Event Record #/Type16465 / Warning
Event Submitted/Written: 08/11/2008 10:02:49 PM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP [00000003]

Event Record #/Type16464 / Warning
Event Submitted/Written: 08/11/2008 10:02:49 PM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER [00000003]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type59505 / Error
Event Submitted/Written: 08/12/2008 07:33:44 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The VAIO Media Photo Server (Application) service has reported an invalid current state 272.

Event Record #/Type59455 / Error
Event Submitted/Written: 08/12/2008 06:19:52 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type59454 / Error
Event Submitted/Written: 08/12/2008 05:45:32 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
DMICall
eeCtrl
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Event Record #/Type59453 / Error
Event Submitted/Written: 08/12/2008 05:45:32 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type59452 / Error
Event Submitted/Written: 08/12/2008 05:45:32 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-08-12 19:34:41 ------------


Date Filename Virus Name Virus Type Action Taken
8/10/2008 12:31 5b3b23b6-79b717a3 Compressed file Quarantined GLOBOGALACTIC
8/10/2008 12:31 NewURLClassLoader.class Trojan.ByteVerify File; Compressed file Quarantined
8/10/2008 12:31 NewSecurityClassLoader.class Trojan.ByteVerify File; Compressed file Quarantined
8/10/2008 12:31 Installer.class Trojan.ByteVerify File; Compressed file Quarantined
8/10/2008 12:31 GetAccess.class Trojan.ByteVerify File; Compressed file Quarantined
8/10/2008 12:31 663965a3-2efae972 Compressed file Quarantined GLOBOGALACTIC
8/10/2008 12:31 Parser.class Trojan.ByteVerify File; Compressed file Quarantined
8/10/2008 12:31 Dummy.class Trojan.ByteVerify File; Compressed file Quarantined
8/10/2008 12:31 Counter.class Trojan.ByteVerify File; Compressed file Quarantined
8/10/2008 10:31 lnvegaow.exe Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:31 wnlmdakqlag.dll Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:31 tfnslopk.dll Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:31 xokvrpwg.dll Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:31 edlb.exe Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:31 bgrqfetx.dll Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:30 lnvegaow.exe Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:30 wnlmdakqlag.dll Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:30 tfnslopk.dll Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:30 xokvrpwg.dll Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:30 edlb.exe Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:30 bgrqfetx.dll Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:30 lnvegaow.exe Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:30 wnlmdakqlag.dll Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:30 tfnslopk.dll Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:30 xokvrpwg.dll Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:30 edlb.exe Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:30 bgrqfetx.dll Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:29 lnvegaow.exe Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:29 wnlmdakqlag.dll Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:29 tfnslopk.dll Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:29 xokvrpwg.dll Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:29 edlb.exe Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:29 bgrqfetx.dll Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:28 wnlmdakqlag.dll Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:28 tfnslopk.dll Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:28 lnvegaow.exe Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:28 xokvrpwg.dll Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:28 edlb.exe Downloader.Zlob!gen.3 File Quarantined
8/10/2008 10:28 bgrqfetx.dll Downloader.Zlob!gen.3 File Quarantined


#2 suebaby41


    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 24 August 2008 - 01:06 PM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Edited by suebaby41, 24 August 2008 - 02:20 PM.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 themistocles

  • Topic Starter

  • Members
  • 3 posts

Posted 25 August 2008 - 07:18 AM

Thanks for the help. I was able to run Ad-Aware and Stinger with no issues.
I had previously run Norton as above.
I am still unable to connect to the internet.


Deckard's System Scanner v20071014.68
Run by Wall on 2008-08-24 22:03:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 2.01 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-24 22:03:29
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\DLink\Bluetooth Software\bin\btwdins.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Dantz\Retrospect\wdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\system32\MSGSYS.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ico.exe
C:\Program Files\Sony\HotKey Utility\HKServ.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\support.com\client\bin\tgcmd.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\WDC\CR\SetIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\SpywareBot\SpywareBot.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DLink\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Microsoft Office\Office10\MSOFFICE.EXE
D:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Documents and Settings\Wall\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [AV-Update] C:\Program Files\NavNT\vpdn_lu.exe /s
O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\CR\SetIcon.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ymetray] "D:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareBot] D:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\DLink\Bluetooth Software\BTTray.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: Rocket.Time.lnk = C:\Program Files\Rocket Software\RocketTime\RocketTime.exe
O4 - Global Startup: ymetray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\DLink\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/voxacm.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/7.../OGAControl.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122142941041
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral4.sel.sony.com/sdccom...oad/sonyctl.CAB
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet - C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\DLink\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\wdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe


--
End of file - 13815 bytes

-- Files created between 2008-07-24 and 2008-08-24 -----------------------------

2008-08-24 17:13:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-21 23:34:04 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-21 23:34:04 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-08-21 23:34:04 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-08-21 23:34:04 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-08-21 23:34:04 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-08-21 23:34:04 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-08-21 23:34:04 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-21 23:34:04 82432 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-08-21 23:25:59 0 d-------- C:\Documents and Settings\Wall\Application Data\Malwarebytes
2008-08-21 23:25:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-21 23:25:54 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 06:36:40 80384 --a------ C:\WINDOWS\system32\drivers\fxfdiufazlf.sys
2008-08-11 22:10:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\SpywareBot
2008-08-11 06:20:43 0 d-------- C:\Program Files\Windows Live Safety Center


-- Find3M Report ---------------------------------------------------------------

2008-08-24 18:52:09 471 --a------ C:\Documents and Settings\Wall\Application Data\UpdateStore.xml
2008-08-24 18:52:09 376 --a------ C:\Documents and Settings\Wall\Application Data\SoftwarePackageStore.xml
2008-08-24 18:52:09 518 --a------ C:\Documents and Settings\Wall\Application Data\EventStore.xml
2008-08-24 18:52:09 376 --a------ C:\Documents and Settings\Wall\Application Data\ConfigurationStore.xml
2008-08-24 18:52:09 475 --a------ C:\Documents and Settings\Wall\Application Data\CampaignStore.xml
2008-08-24 17:13:14 0 d-------- C:\Program Files\Lavasoft
2008-08-24 17:12:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-21 23:20:03 0 d-------- C:\Program Files\LIVEUPDATE
2008-08-11 18:56:31 0 d-------- C:\Documents and Settings\Wall\Application Data\SpywareBot
2008-08-10 20:48:27 0 d-------- C:\Program Files\Windows NT
2008-08-10 18:58:34 0 d-------- C:\Program Files\Google
2008-08-01 18:38:38 0 d-------- C:\Program Files\Java
2008-07-13 06:59:39 0 d-------- C:\Program Files\palmOne
2008-06-20 13:41:10 245248 --a------ C:\WINDOWS\system32\mswsock.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
Quicken Startup.lnk - C:\Program Files\Quicken\QWDLLS.EXE [9/20/2002 4:20:06 PM]
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer

Written by Bobbi Flekman 2006 ©
GeneralFlags REG_DWORD 1 (0x1)
RestoredStateInfo REG_BINARY 180000006a02000023000000a40000009a00000001000000

REGEDIT4
"DefaultDomainName"="GLOBO"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions]
"NoGPOListChanges"=dword:00000001
2c,41,70,70,6c,69,63,61,74,69,6f,6e,29,00,00
"ProcessGroupPolicy"="ProcessGroupPolicy"
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001
00
"MaxNoGPOListChangesInterval"=dword:000003c0
00
"RequiresSuccessfulRegistry"=dword:00000001
74,61,6c,6c,65,72,2c,41,70,70,6c,69,63,61,74,69,6f,6e,29,00,00
"NoGPOListChanges"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify]
"Logoff"="ChainWlxLogoffEvent"
"Logoff"="CryptnetWlxLogoffEvent"
"Asynchronous"=dword:00000001
"StartShell"="NavStartShellEvent"
"Asynchronous"=dword:00000001
"Logoff"="SchedEventLogOff"
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00
"Asynchronous"=dword:00000001
"Disconnect"="TSEventDisconnect"
"Event"=dword:00000003
90,14,00,00,00,07,bc,7f,22,2d,e3,ed,a8,52,c9,15,5c,08,f6,73,3f,64,dc,fa,2b
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SCLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SpecialAccounts]
"VUSR_"=dword:00010000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Credentials]
!d;s/.*t//;s/
[hkey.*/n
Asynchronous REG_DWORD 0 (0x0)
!d;s/.*t//;s/
[hkey.*/n
Asynchronous REG_DWORD 0 (0x0)
!d;s/.*t//;s/
[hkey.*/n
DLLName REG_SZ cscdll.dll
!d;s/.*t//;s/
[hkey.*/n
DllName REG_SZ C:\WINDOWS\System32\NavLogon.dll
!d;s/.*t//;s/
[hkey.*/n
DLLName REG_SZ wlnotify.dll
!d;s/.*t//;s/
[hkey.*/n
Asynchronous REG_DWORD 0 (0x0)
!d;s/.*t//;s/
[hkey.*/n
Logoff REG_SZ WLEventLogoff
!d;s/.*t//;s/
[hkey.*/n
DLLName REG_SZ WlNotify.dll
!d;s/.*t//;s/
[hkey.*/n
Asynchronous REG_DWORD 0 (0x0)
!d;s/.*t//;s/
[hkey.*/n
Logon REG_SZ WLEventLogon
!d;s/.*t//;s/
[hkey.*/n
DLLName REG_SZ wlnotify.dll

Written by Bobbi Flekman 2006 ©
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
DisableHeapLookAside REG_SZ 1
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
GlobalFlag REG_SZ 0x00200000
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
GlobalFlag REG_SZ 0x00200000
DisableHeapLookAside REG_SZ 1
DisableHeapLookAside REG_SZ 1
DisableHeapLookAside REG_SZ 1
DisableHeapLookAside REG_SZ 1
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
DisableHeapLookAside REG_SZ 1
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
CheckAppHelp REG_DWORD 1 (0x1)
DisableHeapLookAside REG_SZ 1
CheckAppHelp REG_DWORD 1 (0x1)
GlobalFlag REG_SZ 0x000010F0
"Notification Packages scecli

Written by Bobbi Flekman 2006 ©
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state
NextRefreshReason REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List
LoggingStatus REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List
SOM REG_SZ Local
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List
WQL-Id REG_SZ
NextRefreshReason REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343213094-4276646879-2437010768-1004\Extension-List
LoggingStatus REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343213094-4276646879-2437010768-1004\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343213094-4276646879-2437010768-1004\GPLink-List
SOM REG_SZ Local
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343213094-4276646879-2437010768-1004\GPO-List
WQL-Id REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343213094-4276646879-2437010768-1004\Loopback-GPLink-List
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343213094-4276646879-2437010768-1004\Loopback-GPO-List
NextRefreshReason REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343213094-4276646879-2437010768-500\Extension-List
LoggingStatus REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343213094-4276646879-2437010768-500\GPLink-List
SOM REG_SZ Local
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343213094-4276646879-2437010768-500\GPO-List
WQL-Id REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343213094-4276646879-2437010768-500\Loopback-GPLink-List
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343213094-4276646879-2437010768-500\Loopback-GPO-List

Written by Bobbi Flekman 2006 ©
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SaslProfiles
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\WDigest

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\File system]
@="Driver Group"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\RpcSs]
@="Service"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\vgasave.sys]
@="Driver"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

Error: Key: software\microsoft\shared tools\msconfig\startupfolder does not exist!


SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

Error: Key: software\microsoft\shared tools\msconfig\startupreg does not exist!


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs

Written by Bobbi Flekman 2006 ©
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components
7,0,5730,0
*
6,0,5730,11
6,0,5730,11
2,0,0,0
Q824145
5,0,3810,0
EN
1 (0x1)
EN
Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)
Macromedia Shockwave Director 8.5.1
11,0,5721,5145
Q867801
1 (0x1)
DirectAnimation
Macromedia Shockwave Director 8.5.1
1,1,1,7
Q837009
4,7,0,0320
Q822925
2,0,2,049
*
1,397,2406,1
6,0,2800,1106
1 (0x1)
EN
11,0,5721,5145
0400090000008603
4,71,1113,0
7,0,5730,11
6,00,01,0223
5,6,0,8513
C:\Program Files\Messenger\msmsgs.exe
5,00,2918,1900
KB870669
7,0,5730,11
C:\WINDOWS\System32\msieftp.dll
11,0,5721,5145
4,9,9,2
10,0,0,1
WAB
.NET Framework
Q831167
Microsoft .NET Framework 1.0 Service Pack 2 (KB867461)
Microsoft .NET Framework 1.0 Service Pack 1 (KB867461)
en
en
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix
EN
7,0,5730,11
EN
Q828750
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{abcdf74f-9a64-4e6e-b8eb-6e5a41de6550}
1.0.0.2
6,0,5730,11
4,71,1968,1
2,1,4026,0
EN
5,00,3807,0
6,0,5730,11
5,0,00,0
Q832894
Windows Roots Update
Q823353
Q330994
Q818529



-- End of Deckard's System Scanner: finished at 2008-08-24 22:04:52 ------------

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:08:13 AM

Posted 28 August 2008 - 12:32 PM

Warning!
We found that a recent rootkit infection has been interfering with Deckard System Scanner (DSS) resulting in possible damage to the Operating System. We have pulled DSS from service, and if you have been using DSS, we recommend that you delete DSS.exe from your systems.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 suebaby41

Posted 04 September 2008 - 10:21 AM

Please post a new HijackThis log using Trend Micro's HijackThis.
  • Please download Trend Micro - HijackThis.
  • Double click HJTInstall.exe to begin installation.
  • Accept the installation location, which by default is C:\Program Files\Trend Micro\HijackThis or click the Browse... button if you want to save it in another location.
  • Click Install.
  • A shortcut will be created on your Desktop and HijackThis will run automatically.
  • You will need to accept the EULA, if it appears, to be able to use the tool.
  • When HijackThis opens, click on the Do a system scan and save a log file button.
  • When HijackThis has finished scanning, a window entitled hijackthis.log will open. When you close this window, the log will be saved into the HijackThis folder.
  • If needed, see TrendMicro™ HijackThis™ Quick Start Guide
  • Copy and paste this log into your next reply.


#6 themistocles

Posted 09 September 2008 - 05:32 AM

Thanks for the response. In the four weeks since I first posted, I was able to get assistance on another board. Feel free to close the thread.

#7 suebaby41

Posted 09 September 2008 - 07:16 AM

All of the people who volunteer on forums are members that donate their time to help you, the victim, fix your computer. We have members from all over the world so sometimes, we have coverage over a 24 hour period but the volunteers will only be online a few hours of those 24 hours.

Unfortunately, we often take a day or more to respond to your post because we are flooded with people whose computers have been made useless by malware. Occasionally, a post may be overlooked because of a sudden increase in the number of requests for help or due to its complexity because not everyone here is qualified to help with every type of problem.

Right now, we have over 450 victims waiting to be helped. I am sorry we were unable to help you but I am glad that you were able to get help at another forum.

Thank you for letting me know so I can close this thread.

#8 suebaby41

Posted 09 September 2008 - 07:20 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
