Need Help With Popups!


7 replies to this topic

#1 ToddmanF7

Posted 24 August 2008 - 12:37 PM

I have a friend's computer that has a problem with popups. I've run every virus/spyware scanner and it finds nothing. I have attached the HijackThis log.


#2 kahdah

Posted 24 August 2008 - 12:42 PM

Hello ToddmanF7

Welcome to BleepingComputer.
========================
Please attach this log

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • Rootkit Search - Yes
    • Drivers - Non Microsoft
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Edited by kahdah, 24 August 2008 - 12:42 PM.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 ToddmanF7

Posted 29 August 2008 - 08:21 PM

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 20:41:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden files ...

IPC error: 2 The system cannot find the file specified.

scan completed successfully
hidden files: 169

#4 kahdah

Posted 29 August 2008 - 08:54 PM

Hi, you posted the wrong log. Please re-read my previous instructions; I will need the entire OTScanIt log.
Thanks.
#5 ToddmanF7

Posted 31 August 2008 - 02:38 PM

OTScanIt logfile created on: 8/31/2008 2:33:24 PM

OTScanIt by OldTimer - Version 1.0.17.0	 Folder = C:\Documents and Settings\Todd Baechle\Desktop\OTScanIt

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

991.48 Mb Total Physical Memory | 388.02 Mb Available Physical Memory | 39.14% Memory free

1.58 Gb Paging File | 1.05 Gb Available in Paging File | 66.29% Paging File free

Paging file location(s): C:\pagefile.sys 720 1440;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 50.14 Gb Total Space | 26.36 Gb Free Space | 52.57% Space Free | Partition Type: NTFS

Drive D: | 5.74 Gb Total Space | 5.74 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: YAMAHA

Current User Name: Todd Baechle

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user



[Processes - Non-Microsoft Only]

jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr =	]

e_fatiada.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_FATIADA.EXE -> SEIKO EPSON CORPORATION [Ver = 4.00 | Size = 98304 bytes | Modified Date = 2/1/2005 10:00:00 PM | Attr =	]

wkssb.exe -> %ProgramFiles%\Microsoft Works\wkssb.exe -> Microsoft® Corporation [Ver = 6.00.1902.0 | Size = 311350 bytes | Modified Date = 8/8/2000 3:00:00 PM | Attr =	]

avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.145 | Size = 1235736 bytes | Modified Date = 8/30/2008 8:37:23 AM | Attr =	]

teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 12:43:40 PM | Attr = RHS]

nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 143360 bytes | Modified Date = 12/23/2006 7:05:20 PM | Attr =	]

anydvdtray.exe -> %ProgramFiles%\SlySoft\AnyDVD\AnyDVDtray.exe -> SlySoft, Inc. [Ver = 6.4.5.9 | Size = 2161600 bytes | Modified Date = 8/1/2008 8:32:10 AM | Attr =	]

lightscribecontrolpanel.exe -> %CommonProgramFiles%\LightScribe\LightScribeControlPanel.exe -> Hewlett-Packard Company [Ver = 1.10.27.1 | Size = 2295072 bytes | Modified Date = 12/5/2007 1:30:28 PM | Attr =	]

wkcalrem.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkCalRem.exe -> Microsoft® Corporation [Ver = 6.00.1828.1 | Size = 24633 bytes | Modified Date = 8/8/2000 3:00:00 PM | Attr =	]

nmindexstoresvr.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexStoreSvr.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 905216 bytes | Modified Date = 12/23/2006 7:04:42 PM | Attr =	]

applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 3:09:16 PM | Attr =	]

avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.145 | Size = 231704 bytes | Modified Date = 8/30/2008 8:37:19 AM | Attr =	]

lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.10.27.1 | Size = 79136 bytes | Modified Date = 12/5/2007 1:34:52 PM | Attr =	]

avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 287000 bytes | Modified Date = 7/3/2008 9:16:26 AM | Attr =	]

nmindexingservice.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 262144 bytes | Modified Date = 12/23/2006 6:54:04 PM | Attr =	]

jucheck.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jucheck.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 329104 bytes | Modified Date = 2/22/2008 4:25:20 AM | Attr =	]

limewire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 2/8/2008 4:32:57 PM | Attr =	]

otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.17.0 | Size = 402944 bytes | Modified Date = 8/26/2008 8:26:02 PM | Attr =	]



[Win32 Services - Non-Microsoft Only]

(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 3:09:16 PM | Attr =	]

(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.145 | Size = 231704 bytes | Modified Date = 8/30/2008 8:37:19 AM | Attr =	]

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 7:12:17 PM | Attr =	]

(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.10.27.1 | Size = 79136 bytes | Modified Date = 12/5/2007 1:34:52 PM | Attr =	]

(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 262144 bytes | Modified Date = 12/23/2006 6:54:04 PM | Attr =	]



[Driver Services - Non-Microsoft Only]

(AnyDVD) AnyDVD [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.4.5.9 | Size = 99648 bytes | Modified Date = 8/1/2008 8:27:35 AM | Attr =	]

(Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\aspi32.sys -> Adaptec [Ver = 4.57 (1008) | Size = 23936 bytes | Modified Date = 12/22/1997 9:02:46 PM | Attr =	]

(AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.145 | Size = 97928 bytes | Modified Date = 8/30/2008 8:37:18 AM | Attr =	]

(AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.132 | Size = 26824 bytes | Modified Date = 7/3/2008 9:16:26 AM | Attr =	]

(basic2) basic2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSF_BSC2.sys -> Conexant [Ver = 3.05.12.04 | Size = 67167 bytes | Modified Date = 8/17/2001 8:28:04 AM | Attr =	]

(BT) Bluetooth PAN Network Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\btnetdrv.sys -> File not found

(Btcsrusb) Bluetooth USB For Bluetooth Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\btcusb.sys -> File not found

(BTHidEnum) Bluetooth HID Enumerator [Kernel | Boot | Stopped] -> %SystemRoot%\System32\Drivers\vbtenum.sys -> File not found

(BTHidMgr) Bluetooth HID Manager Service [Kernel | Boot | Stopped] -> %SystemRoot%\System32\Drivers\BTHidMgr.sys -> File not found

(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 4/13/2008 1:44:48 PM | Attr =	]

(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 4/13/2008 1:44:46 PM | Attr =	]

(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/18/2001 7:00:00 AM | Attr =	]

(ElbyCDIO) ElbyCDIO Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 6, 0, 1, 2 | Size = 24392 bytes | Modified Date = 7/21/2008 7:11:58 AM | Attr =	]

(ElbyDelay) ElbyDelay [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ElbyDelay.sys -> Elaborate Bytes AG [Ver = 5, 1, 0, 1 | Size = 11984 bytes | Modified Date = 2/15/2007 7:56:49 PM | Attr =	]

(Fallback) Fallback [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\HSF_FALL.sys -> Conexant [Ver = 3.05.12.04 | Size = 289887 bytes | Modified Date = 8/17/2001 8:28:06 AM | Attr =	]

(Fsks) Fsks [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\HSF_FSKS.sys -> Conexant [Ver = 3.05.12.04 | Size = 115807 bytes | Modified Date = 8/17/2001 8:28:06 AM | Attr =	]

(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hsfbs2s2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 220032 bytes | Modified Date = 8/4/2004 12:41:46 AM | Attr =	]

(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hsfdpsp2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Modified Date = 8/4/2004 12:41:54 AM | Attr =	]

(hsf_msft) hsf_msft [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSF_MSFT.sys -> Conexant [Ver = 3.05.12.06 | Size = 542879 bytes | Modified Date = 8/17/2001 8:28:10 AM | Attr =	]

(K56) K56 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\HSF_K56K.sys -> Conexant [Ver = 3.05.12.04 | Size = 391199 bytes | Modified Date = 8/17/2001 8:28:08 AM | Attr =	]

(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 11868 bytes | Modified Date = 8/4/2004 12:41:55 AM | Attr =	]

(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 21248 bytes | Modified Date = 9/19/2003 4:45:48 PM | Attr =	]

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/18/2001 7:00:00 AM | Attr =	]

(Rksample) Rksample [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSF_SAMP.sys -> Conexant [Ver = 3.05.12.05 | Size = 57471 bytes | Modified Date = 8/17/2001 8:28:10 AM | Attr =	]

(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rtl8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/4/2004 12:31:32 AM | Attr =	]

(S3SavageNB) S3SavageNB [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\s3gnbm.sys -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 166912 bytes | Modified Date = 8/4/2004 12:29:51 AM | Attr =	]

(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr =	]

(SoftFax) SoftFax [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\HSF_FAXX.sys -> Conexant [Ver = 3.05.12.04 | Size = 199711 bytes | Modified Date = 8/17/2001 8:28:06 AM | Attr =	]

(SQTECH905C) DualCamera [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Capt905c.sys -> Service & Quality Technology. [Ver = 0, 0, 1, 14 | Size = 38937 bytes | Modified Date = 3/24/2005 5:21:22 PM | Attr =	]

(Tones) Tones [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\HSF_TONE.sys -> Conexant [Ver = 3.05.12.04 | Size = 50751 bytes | Modified Date = 8/17/2001 8:28:12 AM | Attr =	]

(tosdvdd) tosdvdd [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\tosdvdd.sys -> File not found

(V124) V124 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\HSF_V124.sys -> Conexant [Ver = 3.05.12.04 | Size = 488383 bytes | Modified Date = 8/17/2001 8:28:12 AM | Attr =	]

(VComm) Virtual Serial port driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\VComm.sys -> File not found

(VcommMgr) Bluetooth VComm Manager Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\VcommMgr.sys -> File not found

(VIAudio) VIA AC'97 Audio Controller (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ac97via.sys -> VIA Technologies, Inc. [Ver = 5.10.00.3622 built by: WinDDK | Size = 84480 bytes | Modified Date = 8/4/2004 12:32:31 AM | Attr =	]

(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hsfcxts2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Modified Date = 8/4/2004 12:41:48 AM | Attr =	]



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 11:16:38 PM | Attr =	]

AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.145 | Size = 1235736 bytes | Modified Date = 8/30/2008 8:37:23 AM | Attr =	]

EPSON Stylus CX4800 Series -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_FATIADA.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"] -> SEIKO EPSON CORPORATION [Ver = 4.00 | Size = 98304 bytes | Modified Date = 2/1/2005 10:00:00 PM | Attr =	]

iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> File not found

Microsoft Works Portfolio -> %ProgramFiles%\Microsoft Works\wkssb.exe [C:\Program Files\Microsoft Works\WksSb.exe /AllUsers] -> Microsoft® Corporation [Ver = 6.00.1902.0 | Size = 311350 bytes | Modified Date = 8/8/2000 3:00:00 PM | Attr =	]

Microsoft Works Update Detection -> %ProgramFiles%\Microsoft Works\WkDetect.exe [C:\Program Files\Microsoft Works\WkDetect.exe] -> Microsoft® Corporation [Ver = 6.00.1828.1 | Size = 28739 bytes | Modified Date = 8/8/2000 3:00:00 PM | Attr =	]

NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe] -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 1/12/2006 4:40:44 PM | Attr =	]

QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 12/11/2007 11:56:54 AM | Attr =	]

SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr =	]

WorksFUD -> %ProgramFiles%\Microsoft Works\wkfud.exe [C:\Program Files\Microsoft Works\wkfud.exe] -> Microsoft® Corporation [Ver = 6.00.1828.1 | Size = 24576 bytes | Modified Date = 8/8/2000 3:00:00 PM | Attr =	]

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

AnyDVD -> %ProgramFiles%\SlySoft\AnyDVD\AnyDVDtray.exe [C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe] -> SlySoft, Inc. [Ver = 6.4.5.9 | Size = 2161600 bytes | Modified Date = 8/1/2008 8:32:10 AM | Attr =	]

BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"] -> Nero AG [Ver = 1, 5, 13, 0 | Size = 143360 bytes | Modified Date = 12/23/2006 7:05:20 PM | Attr =	]

LightScribe Control Panel -> %CommonProgramFiles%\LightScribe\LightScribeControlPanel.exe [C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden] -> Hewlett-Packard Company [Ver = 1.10.27.1 | Size = 2295072 bytes | Modified Date = 12/5/2007 1:30:28 PM | Attr =	]

MsnMsgr -> %ProgramFiles%\Windows Live\Messenger\MsnMsgr.Exe ["C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background] -> File not found

SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 12:43:40 PM | Attr = RHS]

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkCalRem.exe -> Microsoft® Corporation [Ver = 6.00.1828.1 | Size = 24633 bytes | Modified Date = 8/8/2000 3:00:00 PM | Attr =	]

< Todd Baechle Startup Folder > -> C:\Documents and Settings\Todd Baechle\Start Menu\Programs\Startup -> 

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 7:12:19 PM | Attr =	]

*MultiFile Done* -> -> 

*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 

C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 7:12:38 PM | Attr =	]

*MultiFile Done* -> -> 

*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 

logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 7:12:24 PM | Attr =	]

*MultiFile Done* -> -> 

*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 

rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr =	]

Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 7:12:41 PM | Attr =	]

*MultiFile Done* -> -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> 

< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->

*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 

SCSI miniport ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 1:40:46 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 

*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 

NEC	 MBR-7	->  -> File not found

NEC	 MBR-7.4  ->  -> File not found

PIONEER CHANGR DRM-1804X ->  -> File not found

PIONEER CD-ROM DRM-6324X ->  -> File not found

PIONEER CD-ROM DRM-624X  ->  -> File not found

TORiSAN CD-ROM CDR_C36 ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 

< Drives with AutoRun files > ->  -> 

AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 12/18/2007 11:25:07 PM | Attr =	]

< HOSTS File > (250500 bytes and 8775 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

First 25 entries...

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4593 domain(s) found. -> 

42 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4592 domain(s) found. -> 

41 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.152 | Size = 455960 bytes | Modified Date = 8/30/2008 8:37:20 AM | Attr =	]

{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 12:43:28 PM | Attr =	]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]

{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o				   [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 7/3/2008 9:16:34 AM | Attr =	]

< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 

{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o				   [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 7/3/2008 9:16:34 AM | Attr =	]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o				   [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 7/3/2008 9:16:34 AM | Attr =	]

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 12:43:28 PM | Attr =	]

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]

CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 12:43:28 PM | Attr =	]

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{23E21A20-21A8-4811-87F6-5C7D5F133129} -> 24.196.64.53,68.115.71.53   (Realtek RTL8139 Family PCI Fast Ethernet NIC) -> 

{DBA700FD-3E08-4903-909A-7E31816E9BD1} ->	() -> 

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver =  | Size = 79128 bytes | Modified Date = 7/3/2008 9:16:31 AM | Attr =	]

msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 

{406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://photo.walgreens.com/WalgreensActivia.cab[Snapfish Activia] -> 

{48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab[MySpace Uploader Control] -> 

{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198039616420[WUWebControl Class] -> 

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198093198109[MUWebControl Class] -> 

{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/luxr/default/mjolauncher.cab[MJLauncherCtrl Class] -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 

{B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab[MSN Games - Installer] -> 

{C86FF4B0-AA1D-46D4-8612-025FB86583C7}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10[AstoundLauncher Control] -> 

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 

{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> 

{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 

{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}[HKEY_LOCAL_MACHINE] -> http://www.popcap.com/games/popcaploader_v6.cab[PopCapLoader Object] -> 

< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AstoundLauncher.ocx\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AstoundLauncher.ocx\\.Owner -> {C86FF4B0-AA1D-46D4-8612-025FB86583C7} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AstoundLauncher.ocx\\{C86FF4B0-AA1D-46D4-8612-025FB86583C7} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mjolauncher.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mjolauncher.dll\\.Owner -> {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mjolauncher.dll\\{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\\.Owner -> {48DD0448-9209-4F81-9F6D-D83562940134} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\\{48DD0448-9209-4F81-9F6D-D83562940134} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\.Owner -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\.Owner -> {406B5949-7190-4245-91A9-30A17DE16AD0} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\{406B5949-7190-4245-91A9-30A17DE16AD0} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/danim.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/danim.dll\\PowerDVD -> PowerDVD -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/danim.dll\\.Owner -> PowerDVD -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/ddrawex.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/ddrawex.dll\\PowerDVD -> PowerDVD -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/ddrawex.dll\\.Owner -> PowerDVD -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/quartz.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/quartz.dll\\PowerDVD -> PowerDVD -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/quartz.dll\\.Owner -> PowerDVD -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> {48DD0448-9209-4F81-9F6D-D83562940134} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{48DD0448-9209-4F81-9F6D-D83562940134} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\.Owner -> {6414512B-B978-451D-A0D8-FCFDF33E833C} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} ->  -> 





[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 7:12:00 PM | Attr =	]

C:\WINDOWS\system32\khfFXnMf ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 4/13/2008 7:11:56 PM | Attr =	]

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 7:12:00 PM | Attr =	]

schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr =	]

wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 4/13/2008 7:12:08 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 540 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 4/13/2008 7:12:02 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 8F 02 2B 7C 6D 7C 9D 81 CC 78 57 26 E9 9E 15 A4 63 61 37 64 66 64 31 35 00 68 07 00 01 00 00 00 DC 00 00 00 E0 00 00 00 48 FA 06 00 97 55 5A 74 04 00 00 00 A0 FD 06 00 B8 FD 06 00 86 C1 61 72  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 84 0F 5D 50 9C C5 54 01 55  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> CA E9 B7 DD 16 FA  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 36 35 86 71 74 EE B3 D1 59 C2 E5 44 98 42 2A 1E  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> FA 48 85 4E 3F C6 C8 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 7:12:36 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1016 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/13/2008 7:11:55 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 7:12:34 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 1:53:32 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 7:12:34 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 2/8/2008 4:32:57 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgupd.exe -> %ProgramFiles%\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.159 | Size = 641304 bytes | Modified Date = 8/29/2008 8:51:13 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 1:53:32 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 7:12:36 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/13/2008 7:12:11 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 

[Files/Folders - Created Within 30 days]

Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 8/10/2008 4:08:31 PM | Attr =	]

ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 8/10/2008 4:08:56 PM | Attr =	]

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

[Files Created - Additional Folder Scans - Non-Microsoft Only]

Ford Tough.jpg -> %UserProfile%\My Documents\Ford Tough.jpg ->  [Ver =  | Size = 42973 bytes | Created Date = 8/23/2008 8:01:52 AM | Attr =	]

Online payment account #'s.doc -> %UserProfile%\Desktop\Online payment account #'s.doc ->  [Ver =  | Size = 35840 bytes | Created Date = 8/20/2008 9:34:08 PM | Attr =	]

OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 8/28/2008 8:35:38 PM | Attr =	]

ShowLetter.htm -> %UserProfile%\Desktop\ShowLetter.htm ->  [Ver =  | Size = 67158 bytes | Created Date = 8/30/2008 12:24:01 PM | Attr =	]



[Files/Folders - Modified Within 30 days]

$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ ->  [Folder | Modified Date = 8/30/2008 9:05:15 PM | Attr =  H ]

Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 8/19/2008 3:00:27 AM | Attr =	]

Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 8/10/2008 4:08:31 PM | Attr =	]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 8/31/2008 2:32:34 PM | Attr = R  ]

WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 8/15/2008 8:48:31 AM | Attr =	]

Avg -> %SystemRoot%\System32\drivers\Avg ->  [Folder | Modified Date = 8/30/2008 9:38:14 PM | Attr =	]

incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm ->  [Ver =  | Size = 26731412 bytes | Modified Date = 8/30/2008 9:38:12 PM | Attr =	]

microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg ->  [Ver =  | Size = 80727 bytes | Modified Date = 8/30/2008 9:38:12 PM | Attr =	]

miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg ->  [Ver =  | Size = 211986 bytes | Modified Date = 8/8/2008 9:00:00 AM | Attr =	]

avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.145 | Size = 97928 bytes | Modified Date = 8/30/2008 8:37:18 AM | Attr =	]

CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 8/21/2008 5:51:59 PM | Attr =	]

dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 8/15/2008 3:05:00 AM | Attr = RHS]

drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 8/30/2008 8:37:31 AM | Attr =	]

wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 13002 bytes | Modified Date = 8/29/2008 9:34:33 AM | Attr =	]

$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 8/15/2008 3:04:52 AM | Attr =  H ]

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 8/30/2008 11:10:10 AM | Attr =   S]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 8/13/2008 8:43:02 PM | Attr =   S]

ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 8/10/2008 4:08:56 PM | Attr =	]

imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 8/15/2008 3:04:55 AM | Attr =	]

inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 8/24/2008 1:15:10 PM | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 8/19/2008 3:00:27 AM | Attr =  HS]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 8/31/2008 2:31:11 PM | Attr =	]

system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 8/15/2008 3:11:32 AM | Attr =	]

Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 8/31/2008 2:33:47 PM | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 8/30/2008 11:10:16 AM | Attr =  H ]

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 12/19/2007 12:11:04 AM | Attr =	]

qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 8/18/2008 7:14:05 PM | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5505 bytes | Modified Date = 8/18/2008 7:14:05 PM | Attr =	]

C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works ->  [Folder | Modified Date = 8/31/2008 12:50:03 AM | Attr =	]

wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 3/17/2008 9:13:39 PM | Attr =	]

wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat ->  [Ver =  | Size = 565720 bytes | Modified Date = 8/26/2008 10:39:03 PM | Attr =	]

wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat ->  [Ver =  | Size = 565720 bytes | Modified Date = 8/26/2008 10:39:03 PM | Attr =	]

C:\Documents and Settings\Todd Baechle\Local Settings\Temp\UnityWebPlayer\ -> C:\Documents and Settings\Todd Baechle\Local Settings\Temp\UnityWebPlayer ->  [Folder | Modified Date = 8/24/2008 8:23:55 AM | Attr =	]

UnityWebPlayerUpdate.exe -> C:\Documents and Settings\Todd Baechle\Local Settings\Temp\UnityWebPlayer\UnityWebPlayerUpdate.exe -> Unity Technologies ApS [Ver = 2.1.0.16147 | Size = 90848 bytes | Modified Date = 8/2/2008 10:11:23 AM | Attr =	]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

iWin -> %AppData%\iWin ->  [Folder | Modified Date = 8/9/2008 10:22:30 PM | Attr =	]

LimeWire -> %AppData%\LimeWire ->  [Folder | Modified Date = 8/30/2008 9:12:26 PM | Attr =	]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 91648 bytes | Modified Date = 8/30/2008 10:20:26 PM | Attr =	]

Ford Tough.jpg -> %UserProfile%\My Documents\Ford Tough.jpg ->  [Ver =  | Size = 42973 bytes | Modified Date = 8/23/2008 3:01:00 AM | Attr =	]

My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 8/30/2008 11:11:40 AM | Attr = R  ]

Microsoft Word.lnk -> %UserProfile%\Desktop\Microsoft Word.lnk ->  [Ver =  | Size = 2473 bytes | Modified Date = 8/30/2008 7:46:52 PM | Attr =	]

Online payment account #'s.doc -> %UserProfile%\Desktop\Online payment account #'s.doc ->  [Ver =  | Size = 35840 bytes | Modified Date = 8/20/2008 9:34:09 PM | Attr =	]

OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Modified Date = 8/30/2008 9:09:59 PM | Attr =	]

ShowLetter.htm -> %UserProfile%\Desktop\ShowLetter.htm ->  [Ver =  | Size = 67158 bytes | Modified Date = 8/30/2008 12:24:11 PM | Attr =	]



[CatchMe Rootkit Scan by GMER]

< Windows folder & sub-folders >

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="avgrsstx.dll"

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

"LoadAppInit_DLLs"=dword:00000001

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

< Document and Settings folder & sub folders >

scanning hidden files ...

IPC error: 2 The system cannot find the file specified.

C:\Documents and Settings\Administrator.YAMAHA.003\Application Data

C:\Documents and Settings\Administrator.YAMAHA.003\Application Data\desktop.ini 62 bytes

C:\Documents and Settings\Administrator.YAMAHA.003\Application Data\Microsoft

C:\Documents and Settings\Administrator.YAMAHA.003\Application Data\Microsoft\Credentials

C:\Documents and Settings\Administrator.YAMAHA.003\Application Data\Microsoft\Credentials\S-1-5-21-57989841-1957994488-682003330-500

C:\Documents and Settings\Administrator.YAMAHA.003\Application Data\Microsoft\Internet Explorer

C:\Documents and Settings\Administrator.YAMAHA.003\Application Data\Microsoft\Internet Explorer\brndlog.bak 113 bytes

C:\Documents and Settings\Administrator.YAMAHA.003\Application Data\Microsoft\Internet Explorer\brndlog.txt 141 bytes

C:\Documents and Settings\Administrator.YAMAHA.003\Application Data\Microsoft\Protect

C:\Documents and Settings\Administrator.YAMAHA.003\Application Data\Microsoft\Protect\CREDHIST 160 bytes

C:\Documents and Settings\Administrator.YAMAHA.003\Application Data\Microsoft\SystemCertificates

C:\Documents and Settings\Administrator.YAMAHA.003\Application Data\Microsoft\SystemCertificates\My

C:\Documents and Settings\Administrator.YAMAHA.003\Application Data\Microsoft\SystemCertificates\My\Certificates

C:\Documents and Settings\Administrator.YAMAHA.003\Application Data\Microsoft\SystemCertificates\My\CRLs

C:\Documents and Settings\Administrator.YAMAHA.003\Application Data\Microsoft\SystemCertificates\My\CTLs

C:\Documents and Settings\Administrator.YAMAHA.003\Cookies

C:\Documents and Settings\Administrator.YAMAHA.003\Cookies\index.dat 16384 bytes

C:\Documents and Settings\Administrator.YAMAHA.003\Desktop

C:\Documents and Settings\Administrator.YAMAHA.003\Favorites

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings\Application Data

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings\Application Data\IconCache.db 3712656 bytes

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings\Application Data\Microsoft

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings\Application Data\Microsoft\CD Burning

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings\Application Data\Microsoft\Credentials

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-57989841-1957994488-682003330-500

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings\Application Data\Microsoft\Internet Explorer

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT 16384 bytes

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings\Application Data\Microsoft\Windows

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat 262144 bytes

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG 1024 bytes

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings\desktop.ini 62 bytes

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings\History

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings\History\desktop.ini 113 bytes

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings\History\History.IE5

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings\History\History.IE5\desktop.ini 113 bytes

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings\History\History.IE5\index.dat 16384 bytes

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings\Temp

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings\Temporary Internet Files

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings\Temporary Internet Files\Content.IE5

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings\Temporary Internet Files\Content.IE5\3JQNB5E7

C:\Documents and Settings\Administrator.YAMAHA.003\Local Settings\Temporary Internet Files\Content.IE5\3JQNB5E7\desktop.ini 67 bytes

scan completed successfully

hidden files: 214



< End of report >


#6 kahdah


Posted 31 August 2008 - 02:57 PM

Download the HostsXpert 4.2 - Hosts File Manager.
Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

Then
  • Run HostsXpert 4.2 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
=============
Boot back into normal mode then do the following:
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
==================================
Please post the MalwareBytes log and a new Hijackthis log and let me know if you have any more popups.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
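
An added example, not part of kahdah's post and not HostsXpert's own code: a sketch of what the "Restore MS Hosts File" and "Make Read Only?" steps address, listing hosts entries beyond the default localhost mapping and checking the file's read-only state. The sample contents and function names are constructed for illustration, and it assumes the restored default maps only localhost.

```python
import ipaddress
import os
import stat

# Constructed sample: the stock localhost line plus entries of the kind
# a custom or tampered hosts file might contain (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.test      # block entry
203.0.113.10    www.example.test update.example.test
not-an-ip       broken.example.test
"""


def audit_hosts(text):
    """Classify every hosts entry that is not the default localhost mapping."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, "malformed", addr, names))
            continue
        for name in names:
            if name.lower() == "localhost" and ip.is_loopback:
                continue  # expected default entry (assumption: the only one)
            # Loopback/unspecified targets only block a name; any other
            # address redirects it elsewhere, which is the riskier case.
            blocked = ip.is_loopback or ip.is_unspecified
            kind = "block" if blocked else "redirect"
            findings.append((lineno, kind, addr, [name]))
    return findings


def is_read_only(path):
    """True when the owner write bit is clear (the Read-only attribute on Windows)."""
    return not (os.stat(path).st_mode & stat.S_IWRITE)


if __name__ == "__main__":
    for lineno, kind, addr, names in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {kind:9} {addr} -> {' '.join(names)}")
```

On a live system the text would come from the hosts file itself (on Windows XP, `C:\WINDOWS\system32\drivers\etc\hosts`); entries reported as `redirect` are the ones to review first.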

#7 ToddmanF7


Posted 08 September 2008 - 09:34 PM

After sending the last log file I removed all files that were found in the Temporary Internet folder. That seemed to take care of the popups.

Thank you very much for all of your help!

:thumbsup:

#8 kahdah


Posted 09 September 2008 - 04:17 AM

Hi, that is good, but you still need to check for other malware.
So if it is not too much trouble, please complete the last steps that I have posted.