Antivirus Xp 2008 Leftovers


  • This topic is locked
13 replies to this topic

#1 InferionGhost

InferionGhost

  • Members
  • 10 posts

Posted 05 September 2008 - 02:00 AM

I recently got infected with the Antivirus XP 2008 rogue software. Thanks to a combination of (newly updated) Malwarebytes' Anti-Malware, Super Anti-Spyware (free edition), Ad-Aware, and Spy-Bot Search and Destroy, I was able to get rid of the 400+ (identifiable) infections that came with AVXP2008. However, I still get regular security (so-called, anyway) pop-ups/prompts saying I'm still infected, that try to force me to 'enable protection'.
The 'reported' viruses referenced include, but are not limited to:

Trojan-Downloader.Win32.Agent.bq
and
Trojan-Spy.Win32.KeyLogger.aa

So far AVG has been (IMO) next to useless, so I have been avoiding all the web sites I normally browse as a member, to protect myself from the key logger, but I'm out of ideas...
A buddy referenced me to this site, and one of the admins referred me to this specific forum.
I followed the steps in your prep guide, where I picked up a 2-way firewall and grabbed the HJT and ran it.
Here are my results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:04 AM, on 9/5/2008
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~2\AVG\AVG8\avgemc.exe
C:\Documents and Settings\All Users\Application Data\vszwzala\xqfabofw.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\PROGRA~2\AVG\AVG8\avgtray.exe
C:\PROGRA~2\MOZILL~1\FIREFOX.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~2\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files (x86)\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Steam] "D:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [Hd02siyXeI] C:\Documents and Settings\All Users\Application Data\vszwzala\xqfabofw.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe
O4 - Startup: Winamp.lnk = C:\Program Files (x86)\Winamp\winamp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files (x86)\Sygate\SPF\smc.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 6704 bytes


I'm assuming that my problem lies in one of the 'unknown owners' files, but I'm terrified of mucking through the system32 files without proper guidance...
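As an added example that is not part of this thread or of any tool it names, here is a small Python triage pass over a few lines copied from the log above. It treats the "(file missing)" on services such as lsass.exe and services.exe as the expected artefact of a 32-bit HijackThis running on 64-bit Windows (WOW64 redirects its view of system32 to SysWOW64) and scores the O4 autostarts instead; the random-name heuristic and the two-reasons threshold are my own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: lines copied from the HijackThis log posted above, plus its
# Platform header, so the triage runs offline against realistic input.
SAMPLE_LOG = r"""
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Steam] "D:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKLM\..\Policies\Explorer\Run: [Hd02siyXeI] C:\Documents and Settings\All Users\Application Data\vszwzala\xqfabofw.exe
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files (x86)\Sygate\SPF\smc.exe
"""

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
                    r"(?P<missing> \(file missing\))?$")
VOWELS = set("aeiou")


@dataclass
class Finding:
    name: str
    verdict: str  # suspicious | wow64-artifact | missing | ok
    reasons: List[str] = field(default_factory=list)


def is_x64_host(log: str) -> bool:
    """'Program Files (x86)' exists only on 64-bit Windows, whatever the Platform line says."""
    return "program files (x86)" in log.lower()


def exe_path(cmd: str) -> str:
    """Pull the executable out of an O4 command line, quoted or not."""
    quoted = re.match(r'"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    unquoted = re.match(r"(?i)(.+?\.exe)\b", cmd)
    return unquoted.group(1) if unquoted else cmd.split()[0]


def looks_random(token: str) -> bool:
    """Heuristic (my assumption) for generated names like 'vszwzala': long, lowercase, vowel-poor."""
    if len(token) < 6 or not token.isalpha() or not token.islower():
        return False
    vowel_ratio = sum(c in VOWELS for c in token) / len(token)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiou]", token))
    return vowel_ratio < 0.3 or longest_consonant_run >= 4


def triage_o4(key: str, name: str, cmd: str) -> Finding:
    path = exe_path(cmd)
    parts = path.split("\\")
    stem, parent = parts[-1].rsplit(".", 1)[0], (parts[-2] if len(parts) > 1 else "")
    reasons = []
    if "policies\\explorer\\run" in key.lower():
        reasons.append("Policies\\Explorer\\Run autostart, rarely used by legitimate software")
    if "\\application data\\" in path.lower() or "\\all users\\" in path.lower():
        reasons.append("runs from a user-writable data folder rather than Program Files")
    if looks_random(stem) and looks_random(parent):
        reasons.append(f"random-looking folder and file name: {parent}\\{parts[-1]}")
    # One oddity alone is common in legitimate software; two or more is not.
    return Finding(name, "suspicious" if len(reasons) >= 2 else "ok", reasons)


def triage_o23(svc: str, owner: str, path: str, missing: bool, x64: bool) -> Finding:
    if missing and x64 and "\\system32\\" in path.lower():
        # WOW64 redirects a 32-bit HijackThis from system32 to SysWOW64, so native
        # 64-bit binaries such as lsass.exe and services.exe show as "(file missing)".
        return Finding(svc, "wow64-artifact", ["file is probably present; confirm with a 64-bit aware tool"])
    if missing:
        return Finding(svc, "missing", ["service points to a file that is not on disk"])
    return Finding(svc, "ok", ["no vendor name; verify the file's signature"] if owner == "Unknown owner" else [])


def triage(log: str) -> Dict[str, List[Finding]]:
    """Group every parsable O4/O23 line under its verdict."""
    x64 = is_x64_host(log)
    groups: Dict[str, List[Finding]] = {"suspicious": [], "wow64-artifact": [], "missing": [], "ok": []}
    for line in log.splitlines():
        if m := O4_RE.match(line):
            finding = triage_o4(m["key"], m["name"], m["cmd"])
        elif m := O23_RE.match(line):
            finding = triage_o23(m["svc"], m["owner"], m["path"], bool(m["missing"]), x64)
        else:
            continue
        groups[finding.verdict].append(finding)
    return groups


def summarize(log: str) -> Dict[str, int]:
    return {verdict: len(items) for verdict, items in triage(log).items()}


if __name__ == "__main__":
    for verdict, items in triage(SAMPLE_LOG).items():
        for finding in items:
            print(f"{verdict:15} {finding.name}: {'; '.join(finding.reasons) or '-'}")
```

On the sample, the only "suspicious" verdict is the Policies\Explorer\Run entry, and both "(file missing)" services fall under "wow64-artifact" rather than "missing".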


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 13 September 2008 - 10:29 PM

Hello, InferionGhost.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you would still like help, please post a new HiJack This log below, as things may have changed on your system.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Add Reply button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 InferionGhost

InferionGhost
  • Topic Starter

  • Members
  • 10 posts

Posted 14 September 2008 - 11:37 AM

Thanks for your time. Problem is still there, but I've noticed that the false security pop-ups only hit when I'm starting up.
Also, Malwarebytes will continue to find a malware trace program every few days.

Here's the new log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:53 AM, on 9/14/2008
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~2\AVG\AVG8\avgemc.exe
C:\Documents and Settings\All Users\Application Data\vszwzala\xqfabofw.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\PROGRA~2\AVG\AVG8\avgtray.exe
C:\PROGRA~2\MOZILL~1\FIREFOX.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~2\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files (x86)\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Steam] "D:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [Hd02siyXeI] C:\Documents and Settings\All Users\Application Data\vszwzala\xqfabofw.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe
O4 - Startup: Winamp.lnk = C:\Program Files (x86)\Winamp\winamp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files (x86)\Sygate\SPF\smc.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 6739 bytes

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 15 September 2008 - 03:41 PM

Hello, InferionGhost.

Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click LopSD.exe
    If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated; post the contents of it in your next reply.
(Copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)
Billy3

#5 InferionGhost

InferionGhost
  • Topic Starter

  • Members
  • 10 posts

Posted 16 September 2008 - 02:08 AM

I've disabled the resident shield on AVG, turned off the TeaTimer on Spybot S&D, AND exited out of SUPERAntiSpyware; however, when I attempt to use Lop S&D, it auto-exits the window after I select my language. It blinks off too fast for me to catch the entire msg, but I do see 'for was unexpected at this time' flicker just before the window closes...

UPDATE (2:15 AM)
I am running Windows XP 64-bit, and have tried it as the admin, but I get the same results.

UPDATE (2:28 AM)
Attempting to run the program in Safe Mode, w/ Admin user nets the same result.

Edited by InferionGhost, 16 September 2008 - 02:27 AM.


#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 16 September 2008 - 02:57 PM

Hello, InferionGhost.
Hmm... looks like we're going to have to deal with that manually.

To do that I'm going to need some more information.

We need to run OTScanIt
Before running a new scan let's clean out the temporary folders.
Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • In the Rootkit Search area select Yes.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • Reg - Disabled MS Config Items
    • Reg - File Associations
    • Reg - Uninstall List
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post.

In your next reply, please include the following:
  • OTScanIt Report

Billy3

#7 InferionGhost

InferionGhost
  • Topic Starter

  • Members
  • 10 posts

Posted 16 September 2008 - 06:34 PM

Here it is:

OTScanIt logfile created on: 9/16/2008 6:29:46 PM
OTScanIt by OldTimer - Version 1.0.19.0	 Folder = C:\Documents and Settings\Blood Golem.SENTINUS\Desktop\OTScanIt
Windows Server 2003  Service Pack 1 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 6.0.3790.1830)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
959.27 Mb Total Physical Memory | 655.57 Mb Available Physical Memory | 68.34% Memory free
2.28 Gb Paging File | 1.83 Gb Available in Paging File | 80.45% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 28.64 Gb Total Space | 7.58 Gb Free Space | 26.49% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 18.72 Gb Free Space | 25.12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 531.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: SENTINUS
Current User Name: Blood Golem
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> SUPERAntiSpyware.com [Ver = 4, 21, 0, 1004 | Size = 1576176 bytes | Modified Date = 9/15/2008 1:36:31 AM | Attr =	]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 8:42:40 PM | Attr =	]
winampa.exe -> %ProgramFiles%\Winamp\winampa.exe ->  [Ver =  | Size = 36352 bytes | Modified Date = 10/10/2007 12:28:32 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Ati2evxx.exe -> File not found
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2saag.exe ->  [Ver = 5.13.0025 | Size = 585216 bytes | Modified Date = 12/20/2006 10:05:00 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> File not found
(Eventlog) Event Log [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services.exe -> File not found
(HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\lsass.exe -> File not found
(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\imapi.exe -> File not found
(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\msdtc.exe -> File not found
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass.exe -> File not found
(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass.exe -> File not found
(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services.exe -> File not found
(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found
(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found
(RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\sessmgr.exe -> File not found
(SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found
(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr =	]
(TlntSvr) Telnet [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\tlntsvr.exe -> File not found
(vds) Virtual Disk Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\vds.exe -> File not found
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\vssvc.exe -> File not found
(WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\wbem\wmiapsrv.exe -> File not found

[Driver Services - Non-Microsoft Only]
(ACPI) Microsoft ACPI Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\ACPI.sys -> File not found
(aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\aec.sys -> File not found
(AFD) AFD [Kernel | System | Running] -> %SystemRoot%\System32\drivers\afd.sys -> File not found
(AmdK8) AMD K8 Processor Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\amdk8.sys -> File not found
(Arp1394) 1394 ARP Client Protocol [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\arp1394.sys -> File not found
(AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\asyncmac.sys -> File not found
(atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\atapi.sys -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ati2mtag.sys -> File not found
(Atmarpc) ATM ARP Client Protocol [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\atmarpc.sys -> File not found
(audstub) Audio Stub Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\audstub.sys -> File not found
(AvgLdx64) AVG Free AVI Loader Driver x64 [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avgldx64.sys -> File not found
(AvgMfx64) AVG Free On-access Scanner Minifilter Driver x64 [File_System | System | Running] -> %SystemRoot%\System32\Drivers\avgmfx64.sys -> File not found
(AvgTdiA) AVG Free8 Network Redirector x64 [Kernel | Auto | Running] -> %SystemRoot%\System32\Drivers\avgtdia.sys -> File not found
(Beep) Beep [Kernel | System | Running] ->  -> File not found
(CdaC15BA) CdaC15BA [Kernel | Auto | Running] -> %SystemRoot%\System32\DRIVERS\CdaC15BA.sys -> File not found
(CdaD10BA) CdaD10BA [Kernel | Auto | Running] -> %SystemRoot%\System32\DRIVERS\CdaD10BA.sys -> File not found
(Cdfs) Cdfs [File_System | Disabled | Running] ->  -> File not found
(Cdrom) CD-ROM Driver [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\cdrom.sys -> File not found
(crcdisk) CRC Disk Filter Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\crcdisk.sys -> File not found
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ctsfm2k.sys -> File not found
(Disk) Disk Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\disk.sys -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmboot.sys -> File not found
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmio.sys -> File not found
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmload.sys -> File not found
(Fastfat) Fastfat [File_System | Disabled | Running] ->  -> File not found
(Fdc) Floppy Disk Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\fdc.sys -> File not found
(Fips) Fips [Kernel | System | Running] ->  -> File not found
(FltMgr) FltMgr [File_System | Boot | Running] -> %SystemRoot%\system32\DRIVERS\fltMgr.sys -> File not found
(Ftdisk) Volume Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\ftdisk.sys -> File not found
(Gpc) Generic Packet Classifier [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\msgpc.sys -> File not found
(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\HdAudio.sys -> File not found
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\HDAudBus.sys -> File not found
(HidUsb) Microsoft HID Class Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\hidusb.sys -> File not found
(HTTP) HTTP [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\HTTP.sys -> File not found
(i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\i8042prt.sys -> File not found
(imapi) CD-Burning Filter Driver [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\imapi.sys -> File not found
(Ip6Fw) IPv6 Windows Firewall Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\Ip6Fw.sys -> File not found
(IpFilterDriver) IP Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ipfltdrv.sys -> File not found
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ipinip.sys -> File not found
(IpNat) IP Network Address Translator [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ipnat.sys -> File not found
(IPSec) IPSEC driver [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\ipsec.sys -> File not found
(IRENUM) IR Enumerator Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\irenum.sys -> File not found
(isapnp) PnP ISA/EISA Bus Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\isapnp.sys -> File not found
(Kbdclass) Keyboard Class Driver [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\kbdclass.sys -> File not found
(kmixer) Microsoft Kernel Wave Audio Mixer [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\kmixer.sys -> File not found
(KSecDD) KSecDD [Kernel | Boot | Running] ->  -> File not found
(ksthunk) Kernel Streaming WOW64 Thunk Service [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\ksthunk.sys -> File not found
(mnmdd) mnmdd [Kernel | System | Running] ->  -> File not found
(Mouclass) Mouse Class Driver [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\mouclass.sys -> File not found
(MountMgr) Mount Point Manager [Kernel | Boot | Running] ->  -> File not found
(MRxDAV) WebDav Client Redirector [File_System | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\mrxdav.sys -> File not found
(MRxSmb) MRxSmb [File_System | System | Running] -> %SystemRoot%\System32\DRIVERS\mrxsmb.sys -> File not found
(Msfs) Msfs [File_System | System | Running] ->  -> File not found
(MSKSSRV) Microsoft Streaming Service Proxy [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\MSKSSRV.sys -> File not found
(MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\MSPCLOCK.sys -> File not found
(MSPQM) Microsoft Streaming Quality Manager Proxy [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\MSPQM.sys -> File not found
(mssmbios) Microsoft System Management BIOS Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\mssmbios.sys -> File not found
(Mup) Mup [File_System | Boot | Running] ->  -> File not found
(NDIS) NDIS System Driver [Kernel | Boot | Running] ->  -> File not found
(NdisTapi) Remote Access NDIS TAPI Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ndistapi.sys -> File not found
(Ndisuio) NDIS Usermode I/O Protocol [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ndisuio.sys -> File not found
(NdisWan) Remote Access NDIS WAN Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ndiswan.sys -> File not found
(NDProxy) NDIS Proxy [Kernel | On_Demand | Running] ->  -> File not found
(NetBIOS) NetBIOS Interface [File_System | System | Running] -> %SystemRoot%\System32\DRIVERS\netbios.sys -> File not found
(NetBT) NetBios over Tcpip [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\netbt.sys -> File not found
(NIC1394) 1394 Net Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\nic1394.sys -> File not found
(Npfs) Npfs [File_System | System | Running] ->  -> File not found
(Ntfs) Ntfs [File_System | Disabled | Running] ->  -> File not found
(Null) Null [Kernel | System | Running] ->  -> File not found
(ohci1394) VIA OHCI Compliant IEEE 1394 Host Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\ohci1394.sys -> File not found
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ctoss2k.sys -> File not found
(P1764) Sound Blaster Audigy [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\P1764.sys -> File not found
(p17filtx) p17filtx [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\p17filtx.sys -> File not found
(Parport) Parallel port driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\parport.sys -> File not found
(PartMgr) Partition Manager [Kernel | Boot | Running] ->  -> File not found
(PCI) PCI Bus Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\pci.sys -> File not found
(PCIIde) PCIIde [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\pciide.sys -> File not found
(PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\raspptp.sys -> File not found
(PSched) QoS Packet Scheduler [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\psched.sys -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ptilink.sys -> File not found
(PxHlpa64) PxHlpa64 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHlpa64.sys -> File not found
(RasAcd) Remote Access Auto Connection Driver [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\rasacd.sys -> File not found
(Rasl2tp) WAN Miniport (L2TP) [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\rasl2tp.sys -> File not found
(RasPppoe) Remote Access PPPOE Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\raspppoe.sys -> File not found
(Raspti) Direct Parallel [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\raspti.sys -> File not found
(Rdbss) Rdbss [File_System | System | Running] -> %SystemRoot%\System32\DRIVERS\rdbss.sys -> File not found
(RDPCDD) RDPCDD [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\RDPCDD.sys -> File not found
(rdpdr) Terminal Server Device Redirector Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\rdpdr.sys -> File not found
(RDPWD) RDPWD [Kernel | On_Demand | Running] ->  -> File not found
(redbook) Digital CD Audio Playback Filter Driver [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\redbook.sys -> File not found
(RT2500) Linksys RT2500 Wireless Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\RT2500.sys -> File not found
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\RTL39A64.SYS -> File not found
(SASDIFSV) SASDIFSV [Kernel | System | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1010 | Size = 8944 bytes | Modified Date = 8/19/2008 11:34:20 PM | Attr =	]
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS ->  SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1004 | Size = 7408 bytes | Modified Date = 8/19/2008 11:34:22 PM | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1062 | Size = 55024 bytes | Modified Date = 8/19/2008 11:34:20 PM | Attr =	]
(Secdrv) Security Driver [Kernel | Auto | Running] -> %SystemRoot%\System32\DRIVERS\secdrv.sys -> File not found
(serenum) Serenum Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\serenum.sys -> File not found
(Serial) Serial port driver [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\serial.sys -> File not found
(splitter) Microsoft Kernel Audio Splitter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\splitter.sys -> File not found
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\sptd.sys -> File not found
(sr) System Restore Filter Driver [File_System | Boot | Running] -> %SystemRoot%\system32\DRIVERS\sr.sys -> File not found
(Srv) Srv [File_System | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\srv.sys -> File not found
(swenum) Software Bus Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\swenum.sys -> File not found
(swmidi) Microsoft Kernel GS Wavetable Synthesizer [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\swmidi.sys -> File not found
(sysaudio) Microsoft Kernel System Audio Device [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\sysaudio.sys -> File not found
(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\tcpip.sys -> File not found
(TDTCP) TDTCP [Kernel | On_Demand | Running] ->  -> File not found
(Teefer) Teefer for NT [Kernel | Boot | Stopped] -> %SystemRoot%\system32\Drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Modified Date = 10/15/2004 6:17:02 PM | Attr =	]
(TermDD) Terminal Device Driver [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\termdd.sys -> File not found
(Update) Microcode Update Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\update.sys -> File not found
(usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\usbehci.sys -> File not found
(usbhub) USB2 Enabled Hub [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\usbhub.sys -> File not found
(usbohci) Microsoft USB Open Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\usbohci.sys -> File not found
(USBSTOR) USB Mass Storage Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\USBSTOR.SYS -> File not found
(vga) vga [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\vgapnp.sys -> File not found
(VgaSave) VGA Display Controller. [Kernel | System | Running] -> %SystemRoot%\System32\drivers\vga.sys -> File not found
(VolSnap) Storage volumes [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\volsnap.sys -> File not found
(Wanarp) Remote Access IP ARP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\wanarp.sys -> File not found
(Wdf01000) Wdf01000 [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\Wdf01000.sys -> File not found
(wdmaud) Microsoft WINMM WDM Audio Compatibility Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\wdmaud.sys -> File not found
(wg3n) SyGate for NT, wg3n [Kernel | Auto | Stopped] -> %SystemRoot%\system32\Drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:38 PM | Attr =	]
(wg4n) SyGate for NT, wg4n [Kernel | Auto | Stopped] -> %SystemRoot%\system32\Drivers\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:40 PM | Attr =	]
(wg5n) SyGate for NT, wg5n [Kernel | Auto | Stopped] -> %SystemRoot%\system32\Drivers\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:42 PM | Attr =	]
(wg6n) SyGate for NT, wg6n [Kernel | Auto | Stopped] -> %SystemRoot%\system32\Drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:44 PM | Attr =	]
(wpsdrvnt) wpsdrvnt [Kernel | System | Stopped] -> %SystemRoot%\system32\Drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Modified Date = 10/15/2004 6:18:46 PM | Attr =	]
(WudfPf) Windows Driver Foundation - User-mode Driver Framework Platform Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\WudfPf.sys -> File not found
(WudfRd) Windows Driver Foundation - User-mode Driver Framework Reflector [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\wudfrd.sys -> File not found
(xusb21) Xbox 360 Wireless Receiver Driver Service 21 [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\xusb21.sys -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~2\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.145 | Size = 1235736 bytes | Modified Date = 9/1/2008 9:09:50 AM | Attr =	]
P17Helper -> %SystemRoot%\system32\P17.dll [Rundll32 P17.dll,P17Helper] ->  [Ver = 1.0.1.107 | Size = 81408 bytes | Modified Date = 3/17/2006 5:11:56 PM | Attr =	]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe ["C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"] -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 8:42:40 PM | Attr =	]
SmcService -> %ProgramFiles%\Sygate\SPF\Smc.exe [C:\PROGRA~2\Sygate\SPF\smc.exe -startgui] -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_03\bin\jusched.exe ["C:\Program Files (x86)\Java\jre1.5.0_03\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 36975 bytes | Modified Date = 4/13/2005 3:48:52 AM | Attr =	]
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe ["C:\Program Files (x86)\Winamp\winampa.exe"] ->  [Ver =  | Size = 36352 bytes | Modified Date = 10/10/2007 12:28:32 AM | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
BitTorrent -> D:\Program Files (x86)\BitTorrent\bittorrent.exe ["D:\Program Files (x86)\BitTorrent\bittorrent.exe" --force_start_minimized] ->  [Ver =  | Size = 43008 bytes | Modified Date = 3/1/2007 6:11:22 PM | Attr =	]
Steam -> D:\Program Files (x86)\Steam\Steam.exe ["D:\Program Files (x86)\Steam\Steam.exe" -silent] -> Valve Corporation [Ver = 1.0.0.0 | Size = 1271032 bytes | Modified Date = 4/9/2008 11:56:34 PM | Attr =	]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 21, 0, 1004 | Size = 1576176 bytes | Modified Date = 9/15/2008 1:36:31 AM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 1:48:20 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ->  [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 10/23/2006 12:01:50 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk -> %CommonProgramFiles%\Microsoft Shared\Works Shared\wkcalrem.exe -> Microsoft® Corporation [Ver = 5.00.1928.1 | Size = 53317 bytes | Modified Date = 9/4/1999 5:23:00 PM | Attr =	]
< Blood Golem.SENTINUS Startup Folder > -> C:\Documents and Settings\Blood Golem.SENTINUS\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\Trillian.lnk -> %ProgramFiles%\Trillian\trillian.exe -> Cerulean Studios [Ver = 3, 1, 7, 0 | Size = 1873280 bytes | Modified Date = 7/19/2007 | Attr =	]
%UserProfile%\Start Menu\Programs\Startup\Winamp.lnk -> %ProgramFiles%\Winamp\winamp.exe -> Nullsoft [Ver = 5,5,0,1640 | Size = 1250816 bytes | Modified Date = 10/10/2007 12:29:14 AM | Attr =	]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 5/13/2008 10:13:36 AM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\system32\explorer.exe -> Microsoft Corporation [Ver = 6.00.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 1050624 bytes | Modified Date = 3/29/2006 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
*System* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System -> 
lsass.exe ->  -> File not found
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 26112 bytes | Modified Date = 3/29/2006 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
%SystemRoot%\system32\logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 516096 bytes | Modified Date = 3/29/2006 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.3790.3033 (srv03_sp1_gdr.071025-1309) | Size = 8383488 bytes | Modified Date = 11/8/2007 1:51:22 AM | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 301056 bytes | Modified Date = 3/29/2006 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1048 | Size = 352256 bytes | Modified Date = 7/23/2008 4:28:18 PM | Attr =	]
AtiExtEvent ->  -> File not found
ScCertProp ->  -> File not found
Schedule ->  -> File not found
SensLogn ->  -> File not found
termsrv ->  -> File not found
wlballoon ->  -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Hd02siyXeI -> %AllUsersProfile%\Application Data\vszwzala\xqfabofw.exe [C:\Documents and Settings\All Users\Application Data\vszwzala\xqfabofw.exe] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 -> 
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> system32\DRIVERS\cdrom.sys -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< Drives with AutoRun files > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 2/15/2007 10:32:32 PM | Attr =	]
AUTORUN.EXE [MZ | ] -> H:\AUTORUN.EXE [ CDFS ] -> Dipl.-Ing. Stefan Krueger <skrueger@installsite.org> [Ver = 1, 0, 3, 0 | Size = 28672 bytes | Modified Date = 1/17/2000 7:28:36 PM | Attr = R  ]
autorun.inf [[autorun] | open=autorun.exe | ICON=setup\extras\STBC.ico |  | shell\dinstall\command=Setup\Directx\dxsetup.exe | shell\dinstall=&Install DirectX... | ] -> H:\autorun.inf [ CDFS ] ->  [Ver =  | Size = 143 bytes | Modified Date = 1/10/2002 7:46:40 PM | Attr = R  ]
AUTORUN.INI [; Smart CD Autorun Launcher |; by Dipl.-Ing. Stefan Krueger |; <skrueger@installsite.org> |  | [Application] |; Enter the registry location of for your application's App Path entry under  |; HKEY_LOCAL_MACHINE. InstallShield creates this entry with the call  |; RegDBSetItem( REGDB_APPPATH_DEFAULT, szAppPath ^ @PRODUCT_KEY ); |; RegKey="Software\Activision\Star Trek Armada II\INSTALLDIREXE\Armada2.exe" |  |  |; Should application be started automatically if it is already installed? |; (Boolean: 0 or 1) | Start=0 |  | [Setup] |; Specify absolute path to your main setup program. The drive letter (with  |; colon) will be prepended automatically |; You can also add command line parameters. Example: |; Run=\setup.exe  |; Do not use long file names! | Run=\bin\autorun.exe |  |; Specify your setup's window class. Required to prevent launching of multiple  |; instances of setup if CD is removed and re-inserted during installation. | WindowClass=WinSupClass |  |; Additionally specify your setup's window title (optional) |;WindowTitle=Elite Force |  | ] -> H:\AUTORUN.INI [ CDFS ] ->  [Ver =  | Size = 1044 bytes | Modified Date = 10/9/2001 5:45:36 PM | Attr = R  ]
< HOSTS File > (262084 bytes and 9140 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
First 25 entries...
127.0.0.1	   localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.1001-search.info
127.0.0.1	1001-search.info
127.0.0.1	www.100888290cs.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	www.10sek.com
127.0.0.1	10sek.com
127.0.0.1	www.123topsearch.com
127.0.0.1	123topsearch.com
127.0.0.1	www.132.com
127.0.0.1	132.com
127.0.0.1	www.136136.net
127.0.0.1	136136.net
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://my.yahoo.com/ -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4787 domain(s) found. -> 
45 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4786 domain(s) found. -> 
44 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr =	]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.152 | Size = 455960 bytes | Modified Date = 9/1/2008 9:09:48 AM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
AntivirXP08 -> AntivirXP08 -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{5F794EE9-4FAD-4784-A8AE-55F310919EF4} ->	(1394 Net Adapter) -> 
{93A2DFC0-E77C-4F6F-9304-866F201F4752} ->	(Linksys Wireless-G PCI Adapter) -> 
{A8BD3587-8439-4020-A504-807B4CF44984} ->	(Realtek RTL8139 Family PCI Fast Ethernet NIC) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver =  | Size = 79128 bytes | Modified Date = 8/31/2008 9:46:35 AM | Attr =	]
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab[Java Plug-in 1.5.0_03] -> 
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab[Java Plug-in 1.5.0_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\\SuppressDuplicateDuration -> 86400 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 144384 bytes | Modified Date = 3/29/2006 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.2.3790.2477 (srv03_sp1_gdr.050629-1534) | Size = 349696 bytes | Modified Date = 6/30/2005 5:00:28 PM | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 144384 bytes | Modified Date = 3/29/2006 7:00:00 AM | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.2.3790.2924 (srv03_sp1_gdr.070425-0118) | Size = 144384 bytes | Modified Date = 4/25/2007 2:40:22 PM | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 75776 bytes | Modified Date = 3/29/2006 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 840 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 190976 bytes | Modified Date = 3/29/2006 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 123392 bytes | Modified Date = 3/29/2006 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> A0 F3 AA 39 89 B8 9C 20 29 54 E9 12 6D 78 94 4C  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 7E 86 B4 13 C7 C0 1F 59 61  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 74 A6 D3 D7 72 92  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> IISSUBA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 56 01 1C C8 1B 72 CF BA 00 2C 03 07 DE 7D 24 E5  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 28 BD 7E 49 40 0B C9 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 60 0E 4E 28 53 C6 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 14336 bytes | Modified Date = 3/29/2006 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 153 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\system32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 339968 bytes | Modified Date = 3/29/2006 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\World of Warcraft\Repair.exe -> %SystemDrive%\Program Files\World of Warcraft\Repair.exe [C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe -> %SystemDrive%\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files (x86)\swupdate.exe -> D:\Program Files (x86)\swupdate.exe [D:\Program Files (x86)\swupdate.exe:*:Enabled:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files (x86)\LucasArts\SWKotOR2\swupdate.exe -> D:\Program Files (x86)\LucasArts\SWKotOR2\swupdate.exe [D:\Program Files (x86)\LucasArts\SWKotOR2\swupdate.exe:*:Enabled:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Soulseek\slsk.exe -> %ProgramFiles%\Soulseek\slsk.exe [C:\Program Files (x86)\Soulseek\slsk.exe:*:Enabled:SoulSeek] ->  [Ver = 0.3.4 | Size = 3112960 bytes | Modified Date = 4/17/2005 5:08:10 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\EA GAMES\American McGee's Alice\alice.exe -> %ProgramFiles%\EA GAMES\American McGee's Alice\alice.exe [C:\Program Files (x86)\EA GAMES\American McGee's Alice\alice.exe:*:Enabled:American McGee's Alice] -> Rogue Entertainment [Ver = 1.0 | Size = 2209835 bytes | Modified Date = 11/8/2000 11:07:12 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files (x86)\World of Warcraft\WoW-2.0.3-enUS-downloader.exe -> D:\Program Files (x86)\World of Warcraft\WoW-2.0.3-enUS-downloader.exe [D:\Program Files (x86)\World of Warcraft\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> Blizzard Entertainment [Ver = 1, 6, 6, 174 | Size = 784032 bytes | Modified Date = 3/14/2007 2:49:20 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files (x86)\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe -> D:\Program Files (x86)\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe [D:\Program Files (x86)\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> Blizzard Entertainment [Ver = 1, 6, 6, 186 | Size = 771502 bytes | Modified Date = 3/14/2007 3:26:38 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Trillian\trillian.exe -> %ProgramFiles%\Trillian\trillian.exe [C:\Program Files (x86)\Trillian\trillian.exe:*:Enabled:Trillian] -> Cerulean Studios [Ver = 3, 1, 7, 0 | Size = 1873280 bytes | Modified Date = 7/19/2007 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files (x86)\BitTorrent\bittorrent.exe -> D:\Program Files (x86)\BitTorrent\bittorrent.exe [D:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] ->  [Ver =  | Size = 43008 bytes | Modified Date = 3/1/2007 6:11:22 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe -> %SystemDrive%\StubInstaller.exe [C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer] -> LimeWire [Ver = 1.0.0.2 | Size = 700416 bytes | Modified Date = 10/31/2005 10:56:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files (x86)\LimeWire\LimeWire.exe -> D:\Program Files (x86)\LimeWire\LimeWire.exe [D:\Program Files (x86)\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 122880 bytes | Modified Date = 1/29/2007 4:33:41 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE -> %ProgramFiles%\Internet Explorer\IEXPLORE.EXE [C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 6.00.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 94208 bytes | Modified Date = 3/29/2006 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files (x86)\Starcraft\StarCraft.exe -> D:\Program Files (x86)\Starcraft\StarCraft.exe [D:\Program Files (x86)\Starcraft\StarCraft.exe:*:Enabled:Starcraft] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\AVG\AVG8\avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe [C:\Program Files (x86)\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.159 | Size = 875288 bytes | Modified Date = 9/1/2008 9:09:44 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\AVG\AVG8\avgupd.exe -> %ProgramFiles%\AVG\AVG8\avgupd.exe [C:\Program Files (x86)\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.159 | Size = 641304 bytes | Modified Date = 9/1/2008 9:07:20 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 14336 bytes | Modified Date = 3/29/2006 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 14336 bytes | Modified Date = 3/29/2006 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 70144 bytes | Modified Date = 3/29/2006 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS ->  -> File not found
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = batfile] -> "%1" %* -> 
.cmd [@ = cmdfile] -> "%1" %* -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
.html [@ = FirefoxHTML] -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.16: 2008070205 | Size = 7667312 bytes | Modified Date = 7/24/2008 3:32:47 AM | Attr =	]
.pif [@ = piffile] -> "%1" %* -> 
.scr [@ = scrfile] -> "%1" %* -> 
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{00170409-78E1-11D2-B60F-006097C998E7} -> Microsoft Word 2000
{021C4C4F-C93C-4425-BFFD-C2D16776BFAE} -> Visual C++ 8.0 Runtime Setup Package (x64)
{048298C9-A4D3-490B-9FF9-AB023A9238F3} -> Steam
{0DB93918-2A77-11D3-805A-00C04FA329AA} -> Word in Works Suite add-in
{18D10072035C4515918F7E37EAFAACFC} -> AutoUpdate
{2158685C-E2B3-4026-B0A1-0FFE31837AFD} -> PlayLinc
{3248F0A8-6813-11D6-A77B-00B0D0150030} -> J2SE Runtime Environment 5.0 Update 3
{56364334-9530-11D2-BFFC-00C04FA329AA} -> Microsoft Works 2000
{629F65FB-7F3C-4D66-A1C0-20722744B7B6} -> Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{77B5AD60-8F14-11D4-9BC9-0050041A1090} -> American McGee's Alice(tm)
{7B63B2922B174135AFC0E1377DD81EC2} -> DivX Codec
{8ADFC4160D694100B5B8A22DE9DCABD9} -> DivX Player
{A918DE8A-98C8-0920-0000-0000002C0015} -> Sanyo Katana (SCP-6600) USB - Handset Manager V9.2
{AC76BA86-7AD7-1033-7B44-A80000000002} -> Adobe Reader 8
{B13A7C41581B411290FBC0395694E2A9} -> DivX Converter
{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy
{B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player
{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} -> SUPERAntiSpyware Free Edition
{D050D7362D214723AD585B541FFB6C11} -> DivX Content Uploader
{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} -> Ad-Aware
{F34D9A5F-484A-4E31-A9D3-908CB265B289} -> Sygate Personal Firewall
Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player Plugin
All ATI Software -> ATI - Software Uninstall Utility
AVG8Uninstall -> AVG Free 8.0
BitTorrent -> BitTorrent 5.0.7
Bridge Commander -> Star Trek Bridge Commander
COH -> City of Villains/City of Heroes (remove only)
Cole2k Media - Codec Pack -> Cole2k Media - Codec Pack (Advanced) 6.0.9
Device Control -> Device Control
EAX -> Creative EAX Console
Guild Wars -> Guild Wars
HijackThis -> HijackThis 2.0.2
KB923789 -> Security Update for Windows XP (KB923789)
LimeWire -> LimeWire 4.12.11
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
MechWarrior 3 -> MechWarrior 3
Might and Magic® VIII: Day of the Destroyer(TM) -> Might and Magic® VIII: Day of the Destroyer(TM)
Mozilla Firefox (2.0.0.16) -> Mozilla Firefox (2.0.0.16)
MP3 WAV Converter 3.30 -> MP3 WAV Converter 3.30
Soulseek -> SoulSeek Client 156c
SPEAKER -> Creative Speaker Settings
Trillian -> Trillian
Winamp -> Winamp
WinRAR archiver -> WinRAR archiver
Works2kSetup -> Microsoft Works 2000 Setup Launcher
< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103} -> Dark Messiah 


[Files/Folders - Created Within 30 days]
$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ ->  [Folder | Created Date = 9/1/2008 4:15:08 AM | Attr =  H ]
Lop SD -> %SystemDrive%\Lop SD ->  [Folder | Created Date = 9/16/2008 1:49:34 AM | Attr =	]
SDFix -> %SystemDrive%\SDFix ->  [Folder | Created Date = 8/31/2008 12:17:18 PM | Attr =	]
Teefer.sys -> %SystemRoot%\System32\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Created Date = 9/4/2008 12:40:46 AM | Attr =	]
wg3n.sys -> %SystemRoot%\System32\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 9/4/2008 12:40:47 AM | Attr =	]
wg4n.sys -> %SystemRoot%\System32\drivers\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 9/4/2008 12:40:47 AM | Attr =	]
wg5n.sys -> %SystemRoot%\System32\drivers\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 9/4/2008 12:40:48 AM | Attr =	]
wg6n.sys -> %SystemRoot%\System32\drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 9/4/2008 12:40:48 AM | Attr =	]
wpsdrvnt.sys -> %SystemRoot%\System32\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Created Date = 9/4/2008 12:40:46 AM | Attr =	]
SSSensor.dll -> %SystemRoot%\System32\SSSensor.dll -> Sygate Technologies, Inc. [Ver = 5. 5. 0. 5 | Size = 83096 bytes | Created Date = 9/4/2008 12:40:36 AM | Attr =	]
Internet Logs -> %SystemRoot%\Internet Logs ->  [Folder | Created Date = 9/4/2008 12:34:06 AM | Attr =	]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
[Files Created - Additional Folder Scans - Non-Microsoft Only]
avg8 -> %AllUsersProfile%\Application Data\avg8 ->  [Folder | Created Date = 8/31/2008 9:46:18 AM | Attr =	]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Created Date = 8/31/2008 2:56:22 AM | Attr =	]
Redirected -> %AllUsersProfile%\Application Data\Redirected ->  [Folder | Created Date = 9/16/2008 2:42:39 AM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 9/1/2008 12:42:07 PM | Attr =	]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com ->  [Folder | Created Date = 8/31/2008 4:25:24 AM | Attr =	]
vszwzala -> %AllUsersProfile%\Application Data\vszwzala ->  [Folder | Created Date = 8/31/2008 2:43:51 AM | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Created Date = 8/31/2008 3:14:07 AM | Attr =	]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 8/31/2008 4:25:16 AM | Attr =	]
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk ->  [Ver =  | Size = 835 bytes | Created Date = 9/1/2008 9:51:41 AM | Attr =	]
Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk ->  [Ver =  | Size = 835 bytes | Created Date = 9/1/2008 9:51:42 AM | Attr =	]
AVG Free 8.0.lnk -> %AllUsersProfile%\Desktop\AVG Free 8.0.lnk ->  [Ver =  | Size = 1549 bytes | Created Date = 8/31/2008 9:46:50 AM | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 726 bytes | Created Date = 8/31/2008 2:56:24 AM | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 822 bytes | Created Date = 8/31/2008 4:25:18 AM | Attr =	]
aaw2008.exe -> %UserProfile%\Desktop\aaw2008.exe ->  [Ver =  | Size = 19153264 bytes | Created Date = 9/1/2008 9:48:57 AM | Attr =	]
avg_free_stf_en_8_138a1332.exe -> %UserProfile%\Desktop\avg_free_stf_en_8_138a1332.exe -> AVG Technologies [Ver = 8, 0, 0, 1 | Size = 48367896 bytes | Created Date = 8/31/2008 9:36:26 AM | Attr =	]
Dmailer -> %UserProfile%\Desktop\Dmailer ->  [Folder | Created Date = 9/5/2008 1:28:42 AM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1788 bytes | Created Date = 8/31/2008 12:11:42 PM | Attr =	]
LopSD.exe -> %UserProfile%\Desktop\LopSD.exe ->  [Ver =  | Size = 521200 bytes | Created Date = 9/16/2008 1:49:25 AM | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 9/16/2008 6:28:43 PM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Created Date = 9/16/2008 3:30:26 PM | Attr =	]
SDFix.exe -> %UserProfile%\Desktop\SDFix.exe ->  [Ver =  | Size = 1419780 bytes | Created Date = 8/31/2008 12:14:31 PM | Attr =	]
Secure II -> %UserProfile%\Desktop\Secure II ->  [Folder | Created Date = 9/5/2008 1:28:45 AM | Attr =	]
spf.msi -> %UserProfile%\Desktop\spf.msi ->  [Ver =  | Size = 5659648 bytes | Created Date = 9/4/2008 12:39:30 AM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 975 bytes | Created Date = 9/1/2008 12:42:13 PM | Attr =	]
spybotsd160.exe -> %UserProfile%\Desktop\spybotsd160.exe -> Safer Networking Limited									 [Ver = 1.6.0				| Size = 15083520 bytes | Created Date = 9/1/2008 12:39:52 PM | Attr =	]
stinger.exe -> %UserProfile%\Desktop\stinger.exe -> McAfee Inc. [Ver = 10.0.0.441 | Size = 2204679 bytes | Created Date = 9/1/2008 1:22:54 PM | Attr =	]
stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 17 bytes | Created Date = 9/2/2008 12:18:48 AM | Attr =	]
SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe ->  [Ver =  | Size = 6634008 bytes | Created Date = 8/31/2008 4:23:16 AM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 8/31/2008 4:24:55 AM | Attr =	]
AVG -> %ProgramFiles%\AVG ->  [Folder | Created Date = 8/31/2008 9:46:18 AM | Attr =	]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware ->  [Folder | Created Date = 8/31/2008 2:56:22 AM | Attr =	]
SAV -> %ProgramFiles%\SAV ->  [Folder | Created Date = 8/31/2008 2:43:04 AM | Attr =	]
Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy ->  [Folder | Created Date = 9/1/2008 12:42:07 PM | Attr =	]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware ->  [Folder | Created Date = 8/31/2008 4:25:17 AM | Attr =	]
Sygate -> %ProgramFiles%\Sygate ->  [Folder | Created Date = 9/4/2008 12:40:32 AM | Attr =	]
Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 8/31/2008 12:11:40 PM | Attr =	]
Zone Labs -> %ProgramFiles%\Zone Labs ->  [Folder | Created Date = 9/4/2008 12:35:08 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 9/16/2008 2:21:01 AM | Attr =   S]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 970 bytes | Modified Date = 9/14/2008 5:00:27 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 9/16/2008 2:21:17 AM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 2/17/2007 12:17:09 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 9/9/2008 4:42:40 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5534 bytes | Modified Date = 9/9/2008 4:42:40 PM | Attr =	]
C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\ -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp ->  [Folder | Modified Date = 9/16/2008 3:30:47 PM | Attr =	]
SSUPDATE.EXE -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1034 | Size = 158960 bytes | Modified Date = 8/19/2008 11:34:14 PM | Attr =	]
_isF1.exe -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\_isF1.exe -> Macrovision Corporation [Ver = 12.0.49974 | Size = 455600 bytes | Modified Date = 5/24/2006 9:10:42 PM | Attr = R  ]
2 C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\{268BE6BA-EE32-403B-AE03-C75D45689E07}\ -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\{268BE6BA-EE32-403B-AE03-C75D45689E07} ->  [Folder | Modified Date = 9/21/2007 10:38:24 AM | Attr =	]
ISSetup.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\{268BE6BA-EE32-403B-AE03-C75D45689E07}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 552214 bytes | Modified Date = 10/5/2006 7:49:12 PM | Attr = R  ]
_Setup.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\{268BE6BA-EE32-403B-AE03-C75D45689E07}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 373680 bytes | Modified Date = 5/17/2006 8:21:08 PM | Attr = R  ]
C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\ -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem ->  [Folder | Modified Date = 9/21/2007 10:38:25 AM | Attr =	]
0e70205b23f4c095c6914fe4101a50bd.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\0e70205b23f4c095c6914fe4101a50bd.dll ->  [Ver =  | Size = 77824 bytes | Modified Date = 2/16/2007 3:41:38 PM | Attr = R  ]
1858e8ab849d8865dceffd49fa725006.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\1858e8ab849d8865dceffd49fa725006.dll ->  [Ver =  | Size = 163909 bytes | Modified Date = 2/16/2007 3:41:39 PM | Attr = R  ]
202f31b5ebc621a063bb8fdd02718f1d.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\202f31b5ebc621a063bb8fdd02718f1d.dll -> ActiveState Corporation [Ver = 8.4.5 | Size = 598080 bytes | Modified Date = 2/16/2007 3:41:39 PM | Attr = R  ]
3f85f0530d6aef9985639aafadac2fc1.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\3f85f0530d6aef9985639aafadac2fc1.dll ->  [Ver =  | Size = 24576 bytes | Modified Date = 2/16/2007 3:41:39 PM | Attr = R  ]
533c3946ba3f7bcd90f0a06813186a5b.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\533c3946ba3f7bcd90f0a06813186a5b.dll ->  [Ver =  | Size = 155648 bytes | Modified Date = 2/16/2007 3:41:38 PM | Attr = R  ]
5aae87e6620ab1cf1ec4dbd00266a2c1.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\5aae87e6620ab1cf1ec4dbd00266a2c1.dll ->  [Ver =  | Size = 24576 bytes | Modified Date = 2/16/2007 3:41:38 PM | Attr = R  ]
77926685c9635357227dfe2f401ad5bc.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\77926685c9635357227dfe2f401ad5bc.dll ->  [Ver =  | Size = 49225 bytes | Modified Date = 2/16/2007 3:41:39 PM | Attr = R  ]
7e571116e6983d90cf20286d6bbcb9e5.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\7e571116e6983d90cf20286d6bbcb9e5.dll ->  [Ver =  | Size = 28753 bytes | Modified Date = 2/16/2007 3:41:40 PM | Attr = R  ]
9dcc1ee602b6cb5bb8e4acad22194926.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\9dcc1ee602b6cb5bb8e4acad22194926.dll ->  [Ver =  | Size = 45129 bytes | Modified Date = 2/16/2007 3:41:40 PM | Attr = R  ]
a101fbd46ab62044ab7334471d3a54ea.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\a101fbd46ab62044ab7334471d3a54ea.dll ->  [Ver =  | Size = 49225 bytes | Modified Date = 2/16/2007 3:41:39 PM | Attr = R  ]
abcd38bf4810a378b8ee9d18fae299e3.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\abcd38bf4810a378b8ee9d18fae299e3.dll ->  [Ver =  | Size = 20480 bytes | Modified Date = 2/16/2007 3:41:39 PM | Attr = R  ]
ad76515ff4d1de346e3888790190a3c0.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\ad76515ff4d1de346e3888790190a3c0.dll ->  [Ver =  | Size = 32879 bytes | Modified Date = 2/16/2007 3:41:38 PM | Attr = R  ]
b4161f6146116168b674f3ccf0d73a2f.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\b4161f6146116168b674f3ccf0d73a2f.dll ->  [Ver =  | Size = 32843 bytes | Modified Date = 2/17/2007 12:22:14 PM | Attr = R  ]
c0bc172a4f6b2d6a24bed6dcdf0efa24.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\c0bc172a4f6b2d6a24bed6dcdf0efa24.dll ->  [Ver =  | Size = 1122377 bytes | Modified Date = 2/16/2007 3:41:38 PM | Attr = R  ]
c18303bc541538ec687c2e4736df7b98.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\c18303bc541538ec687c2e4736df7b98.dll ->  [Ver =  | Size = 24576 bytes | Modified Date = 2/16/2007 3:41:39 PM | Attr = R  ]
c19933b0daf80774a8c11c6ec1caa7bf.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\c19933b0daf80774a8c11c6ec1caa7bf.dll ->  [Ver =  | Size = 28672 bytes | Modified Date = 2/16/2007 3:41:39 PM | Attr = R  ]
c8ceb6e8f4968634b8643eb32b388c2c.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\c8ceb6e8f4968634b8643eb32b388c2c.dll ->  [Ver =  | Size = 20480 bytes | Modified Date = 2/16/2007 3:41:38 PM | Attr = R  ]
c8d296a83f97e5d9d3e36b8246047200.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\c8d296a83f97e5d9d3e36b8246047200.dll ->  [Ver =  | Size = 32841 bytes | Modified Date = 2/16/2007 3:41:39 PM | Attr = R  ]
d6d140f43f56ef226f208c4db97e3145.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\d6d140f43f56ef226f208c4db97e3145.dll ->  [Ver =  | Size = 28672 bytes | Modified Date = 2/16/2007 3:41:39 PM | Attr = R  ]
dbb6ffd197cbcbfd16a35dadd6c6124d.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\dbb6ffd197cbcbfd16a35dadd6c6124d.dll ->  [Ver =  | Size = 90183 bytes | Modified Date = 2/16/2007 3:41:40 PM | Attr = R  ]
e1154f13923e134b3f66897287ad9675.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\e1154f13923e134b3f66897287ad9675.dll ->  [Ver =  | Size = 36941 bytes | Modified Date = 2/17/2007 12:22:42 PM | Attr = R  ]
eb9a324484575899cf1bec33b43a56c2.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\eb9a324484575899cf1bec33b43a56c2.dll ->  [Ver =  | Size = 28672 bytes | Modified Date = 2/16/2007 3:41:39 PM | Attr = R  ]
fe78322a8994bfeb4ede9420d8595321.dll -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem\fe78322a8994bfeb4ede9420d8595321.dll ->  [Ver =  | Size = 24576 bytes | Modified Date = 2/16/2007 3:41:38 PM | Attr = R  ]
C:\WINDOWS\Temp\CRF002\Drivers\ -> C:\WINDOWS\Temp\CRF002\Drivers ->  [Folder | Modified Date = 2/16/2007 1:00:26 AM | Attr =	]
Setup.exe -> C:\WINDOWS\Temp\CRF002\Drivers\Setup.exe -> Creative Technology Ltd. [Ver = 1.00.0.0 built by: WinDDK | Size = 29696 bytes | Modified Date = 6/27/2005 7:37:24 PM | Attr = R  ]
C:\WINDOWS\Temp\CRF002\Drivers\support\amd64\ -> C:\WINDOWS\Temp\CRF002\Drivers\support\amd64 ->  [Folder | Modified Date = 2/16/2007 1:00:26 AM | Attr =	]
ctzapxx.exe -> C:\WINDOWS\Temp\CRF002\Drivers\support\amd64\ctzapxx.exe -> Creative Technology Ltd [Ver = 0, 81, 2, 253 | Size = 272384 bytes | Modified Date = 6/27/2005 7:39:00 PM | Attr = R  ]
C:\WINDOWS\Temp\CRF002\Drivers\support\i386\ -> C:\WINDOWS\Temp\CRF002\Drivers\support\i386 ->  [Folder | Modified Date = 2/16/2007 1:00:26 AM | Attr =	]
ctzapxx.exe -> C:\WINDOWS\Temp\CRF002\Drivers\support\i386\ctzapxx.exe -> Creative Technology Ltd [Ver = 0, 81, 2, 253 | Size = 199168 bytes | Modified Date = 6/27/2005 7:37:22 PM | Attr = R  ]
C:\WINDOWS\Temp\CRF002\Drivers\wdm\Common\ -> C:\WINDOWS\Temp\CRF002\Drivers\wdm\Common ->  [Folder | Modified Date = 2/16/2007 1:00:26 AM | Attr =	]
mididef.exe -> C:\WINDOWS\Temp\CRF002\Drivers\wdm\Common\mididef.exe -> Creative Technology Ltd [Ver = 2, 8, 3, 2 | Size = 49152 bytes | Modified Date = 12/3/2002 6:16:00 PM | Attr = R  ]
P17Def.exe -> C:\WINDOWS\Temp\CRF002\Drivers\wdm\Common\P17Def.exe -> Creative Technology Ltd [Ver = 1, 0, 0, 2 | Size = 20480 bytes | Modified Date = 5/3/2005 8:35:56 PM | Attr = R  ]
C:\WINDOWS\Temp\CRF002\Drivers\support\amd64\ -> C:\WINDOWS\Temp\CRF002\Drivers\support\amd64 ->  [Folder | Modified Date = 2/16/2007 1:00:26 AM | Attr =	]
instwdm.dll -> C:\WINDOWS\Temp\CRF002\Drivers\support\amd64\instwdm.dll -> Creative Technology, Ltd. [Ver = 0, 81, 2, 236 | Size = 102912 bytes | Modified Date = 6/27/2005 7:38:58 PM | Attr = R  ]
C:\WINDOWS\Temp\CRF002\Drivers\support\i386\ -> C:\WINDOWS\Temp\CRF002\Drivers\support\i386 ->  [Folder | Modified Date = 2/16/2007 1:00:26 AM | Attr =	]
instwdm.dll -> C:\WINDOWS\Temp\CRF002\Drivers\support\i386\instwdm.dll -> Creative Technology, Ltd. [Ver = 0, 81, 2, 236 | Size = 98816 bytes | Modified Date = 6/27/2005 7:37:20 PM | Attr = R  ]
C:\WINDOWS\Temp\CRF002\Drivers\wdm\AddOn\ -> C:\WINDOWS\Temp\CRF002\Drivers\wdm\AddOn ->  [Folder | Modified Date = 9/1/2008 12:42:32 PM | Attr =	]
eax.dll -> C:\WINDOWS\Temp\CRF002\Drivers\wdm\AddOn\eax.dll -> Creative Technology Ltd [Ver = 3.063 | Size = 139264 bytes | Modified Date = 4/2/2003 8:13:32 AM | Attr = R  ]
C:\WINDOWS\Temp\CRF002\Drivers\wdm\Lang\amd64\ -> C:\WINDOWS\Temp\CRF002\Drivers\wdm\Lang\amd64 ->  [Folder | Modified Date = 9/1/2008 12:42:32 PM | Attr =	]
inres.dll -> C:\WINDOWS\Temp\CRF002\Drivers\wdm\Lang\amd64\inres.dll -> Creative Technology Limited [Ver = 1, 0, 9, 0 | Size = 10752 bytes | Modified Date = 6/15/2005 12:09:06 PM | Attr = R  ]
C:\WINDOWS\Temp\CRF002\Drivers\wdm\Lang\i386\ -> C:\WINDOWS\Temp\CRF002\Drivers\wdm\Lang\i386 ->  [Folder | Modified Date = 9/1/2008 12:42:32 PM | Attr =	]
inres.dll -> C:\WINDOWS\Temp\CRF002\Drivers\wdm\Lang\i386\inres.dll -> Creative Technology Limited [Ver = 1, 0, 9, 0 | Size = 11264 bytes | Modified Date = 6/15/2005 12:07:24 PM | Attr = R  ]
C:\WINDOWS\Temp\CRF002\Drivers\wdm\Win2k_xp\ -> C:\WINDOWS\Temp\CRF002\Drivers\wdm\Win2k_xp ->  [Folder | Modified Date = 9/1/2008 12:42:32 PM | Attr =	]
a3d.dll -> C:\WINDOWS\Temp\CRF002\Drivers\wdm\Win2k_xp\a3d.dll ->   [Ver = 80.0.0.3 | Size = 65536 bytes | Modified Date = 4/11/2002 2:41:06 AM | Attr = R  ]
P17CPI.dll -> C:\WINDOWS\Temp\CRF002\Drivers\wdm\Win2k_xp\P17CPI.dll ->  [Ver = 1, 0, 0, 2 | Size = 53248 bytes | Modified Date = 10/2/2003 7:48:18 PM | Attr = R  ]
p17Res.dll -> C:\WINDOWS\Temp\CRF002\Drivers\wdm\Win2k_xp\p17Res.dll -> Creative Technology Ltd. [Ver = 5.12.01.00405 | Size = 137728 bytes | Modified Date = 1/25/2006 3:55:48 PM | Attr = R  ]
C:\WINDOWS\Temp\CRF002\Drivers\wdm\Win2k_xp\AMD64\ -> C:\WINDOWS\Temp\CRF002\Drivers\wdm\Win2k_xp\AMD64 ->  [Folder | Modified Date = 9/1/2008 12:42:32 PM | Attr =	]
CtDvInst.dll -> C:\WINDOWS\Temp\CRF002\Drivers\wdm\Win2k_xp\AMD64\CtDvInst.dll -> Creative Technology Limited [Ver = 0, 3, 0, 30 | Size = 157184 bytes | Modified Date = 6/27/2005 7:39:00 PM | Attr = R  ]
sfman32.dll -> C:\WINDOWS\Temp\CRF002\Drivers\wdm\Win2k_xp\AMD64\sfman32.dll -> Creative Technology Ltd [Ver = 5.12.01.0130-1.00.0000 | Size = 21504 bytes | Modified Date = 12/8/2005 12:54:48 PM | Attr = R  ]
sfms32.dll -> C:\WINDOWS\Temp\CRF002\Drivers\wdm\Win2k_xp\AMD64\sfms32.dll -> Creative Technology Ltd [Ver = 5.12.01.1164-2.08.0370 | Size = 126464 bytes | Modified Date = 12/8/2005 12:54:46 PM | Attr = R  ]
C:\WINDOWS\Temp\CRF002\Drivers\wdm\Win2k_xp\I386\ -> C:\WINDOWS\Temp\CRF002\Drivers\wdm\Win2k_xp\I386 ->  [Folder | Modified Date = 9/1/2008 12:42:32 PM | Attr =	]
CtDvInst.dll -> C:\WINDOWS\Temp\CRF002\Drivers\wdm\Win2k_xp\I386\CtDvInst.dll -> Creative Technology Limited [Ver = 0, 3, 0, 30 | Size = 133632 bytes | Modified Date = 6/27/2005 7:37:22 PM | Attr = R  ]
SFMAN32.DLL -> C:\WINDOWS\Temp\CRF002\Drivers\wdm\Win2k_xp\I386\SFMAN32.DLL -> Creative Technology Ltd [Ver = 5.12.01.0130-1.00.0000 | Size = 21504 bytes | Modified Date = 12/8/2005 12:54:48 PM | Attr = R  ]
SFMS32.DLL -> C:\WINDOWS\Temp\CRF002\Drivers\wdm\Win2k_xp\I386\SFMS32.DLL -> Creative Technology Ltd [Ver = 5.12.01.1164-2.08.0370 | Size = 120832 bytes | Modified Date = 12/8/2005 12:54:46 PM | Attr = R  ]
C:\WINDOWS\Temp\CRF002\Drivers\ -> C:\WINDOWS\Temp\CRF002\Drivers ->  [Folder | Modified Date = 2/16/2007 1:00:26 AM | Attr =	]
Setup.ini -> C:\WINDOWS\Temp\CRF002\Drivers\Setup.ini ->  [Ver =  | Size = 87 bytes | Modified Date = 4/19/2005 5:19:06 PM | Attr = R  ]
C:\WINDOWS\Temp\CRF002\Drivers\support\amd64\ -> C:\WINDOWS\Temp\CRF002\Drivers\support\amd64 ->  [Folder | Modified Date = 2/16/2007 1:00:26 AM | Attr =	]
ctzapxx.ini -> C:\WINDOWS\Temp\CRF002\Drivers\support\amd64\ctzapxx.ini ->  [Ver =  | Size = 39 bytes | Modified Date = 3/8/2005 3:14:20 PM | Attr = R  ]
C:\WINDOWS\Temp\CRF002\Drivers\support\i386\ -> C:\WINDOWS\Temp\CRF002\Drivers\support\i386 ->  [Folder | Modified Date = 2/16/2007 1:00:26 AM | Attr =	]
ctzapxx.ini -> C:\WINDOWS\Temp\CRF002\Drivers\support\i386\ctzapxx.ini ->  [Ver =  | Size = 39 bytes | Modified Date = 3/8/2005 3:14:20 PM | Attr = R  ]
C:\WINDOWS\Temp\CRF002\Drivers\wdm\ -> C:\WINDOWS\Temp\CRF002\Drivers\wdm ->  [Folder | Modified Date = 9/1/2008 12:42:32 PM | Attr =	]
ctzapxx.ini -> C:\WINDOWS\Temp\CRF002\Drivers\wdm\ctzapxx.ini ->  [Ver =  | Size = 54 bytes | Modified Date = 3/8/2005 3:17:08 PM | Attr = R  ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 148992 bytes | Modified Date = 9/14/2008 11:08:11 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 171948 bytes | Modified Date = 8/31/2008 3:03:35 AM | Attr =  H ]
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk ->  [Ver =  | Size = 835 bytes | Modified Date = 9/1/2008 9:51:41 AM | Attr =	]
Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk ->  [Ver =  | Size = 835 bytes | Modified Date = 9/1/2008 9:51:42 AM | Attr =	]
AVG Free 8.0.lnk -> %AllUsersProfile%\Desktop\AVG Free 8.0.lnk ->  [Ver =  | Size = 1549 bytes | Modified Date = 8/31/2008 9:46:50 AM | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 726 bytes | Modified Date = 8/31/2008 2:56:24 AM | Attr =	]
PlayLinc.lnk -> %AllUsersProfile%\Desktop\PlayLinc.lnk ->  [Ver =  | Size = 2173 bytes | Modified Date = 8/31/2008 12:35:05 PM | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 822 bytes | Modified Date = 8/31/2008 4:25:18 AM | Attr =	]
aaw2008.exe -> %UserProfile%\Desktop\aaw2008.exe ->  [Ver =  | Size = 19153264 bytes | Modified Date = 9/1/2008 9:50:42 AM | Attr =	]
avg_free_stf_en_8_138a1332.exe -> %UserProfile%\Desktop\avg_free_stf_en_8_138a1332.exe -> AVG Technologies [Ver = 8, 0, 0, 1 | Size = 48367896 bytes | Modified Date = 8/31/2008 9:42:54 AM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1788 bytes | Modified Date = 8/31/2008 12:11:42 PM | Attr =	]
LopSD.exe -> %UserProfile%\Desktop\LopSD.exe ->  [Ver =  | Size = 521200 bytes | Modified Date = 9/16/2008 1:49:26 AM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Modified Date = 9/16/2008 3:30:29 PM | Attr =	]
SDFix.exe -> %UserProfile%\Desktop\SDFix.exe ->  [Ver =  | Size = 1419780 bytes | Modified Date = 8/31/2008 12:14:41 PM | Attr =	]
spf.msi -> %UserProfile%\Desktop\spf.msi ->  [Ver =  | Size = 5659648 bytes | Modified Date = 9/4/2008 12:40:03 AM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 975 bytes | Modified Date = 9/1/2008 12:42:13 PM | Attr =	]
spybotsd160.exe -> %UserProfile%\Desktop\spybotsd160.exe -> Safer Networking Limited									 [Ver = 1.6.0				| Size = 15083520 bytes | Modified Date = 9/1/2008 12:40:52 PM | Attr =	]
stinger.exe -> %UserProfile%\Desktop\stinger.exe -> McAfee Inc. [Ver = 10.0.0.441 | Size = 2204679 bytes | Modified Date = 9/1/2008 1:23:26 PM | Attr =	]
stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 17 bytes | Modified Date = 9/2/2008 12:18:48 AM | Attr =	]
SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe ->  [Ver =  | Size = 6634008 bytes | Modified Date = 8/31/2008 4:24:07 AM | Attr =	]
Trillian.lnk -> %UserProfile%\Desktop\Trillian.lnk ->  [Ver =  | Size = 1676 bytes | Modified Date = 9/16/2008 2:22:11 AM | Attr =	]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51
Initialization error
< Document and Settings folder & sub folders >
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51
Initialization error

< End of report >
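As an added example (not part of this thread or of OTScanIt), the following Python triages scan entries like the ones above: it parses the `name -> path -> vendor [ ... ]` line format and pivots on the creation time of a known bad folder, so everything written to disk in the same few minutes surfaces together. The sample lines are an excerpt of the log above with the tab characters in the Attr field replaced by spaces.

```python
"""Timeline triage for OTScanIt 'Files Created' entries.

Added example for this thread; it is not part of OTScanIt or of the posts
above. It parses the 'name -> path -> vendor [field | field | ...]' line
format of the scan log and pivots on a timestamp of interest, so items created
in the same few minutes as a known rogue folder surface together.
"""
import re
from datetime import datetime, timedelta

# One scan entry: name -> path -> vendor [Ver = .. | Size = .. | Created Date = .. | Attr = ..]
# Folder entries carry 'Folder' in place of the Ver/Size fields.
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<vendor>.*?)\s*\[(?P<fields>.*)\]\s*$"
)
DATE_FMT = "%m/%d/%Y %I:%M:%S %p"  # e.g. 8/31/2008 2:43:51 AM

# Excerpt of the scan log above (tabs in the Attr field replaced by spaces).
SAMPLE_LOG = r"""
[Files Created - Additional Folder Scans - Non-Microsoft Only]
avg8 -> %AllUsersProfile%\Application Data\avg8 ->  [Folder | Created Date = 8/31/2008 9:46:18 AM | Attr = ]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Created Date = 8/31/2008 2:56:22 AM | Attr = ]
vszwzala -> %AllUsersProfile%\Application Data\vszwzala ->  [Folder | Created Date = 8/31/2008 2:43:51 AM | Attr = ]
SAV -> %ProgramFiles%\SAV ->  [Folder | Created Date = 8/31/2008 2:43:04 AM | Attr = ]
wg6n.sys -> %SystemRoot%\System32\drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 9/4/2008 12:40:48 AM | Attr = ]
aaw2008.exe -> %UserProfile%\Desktop\aaw2008.exe ->  [Ver =  | Size = 19153264 bytes | Created Date = 9/1/2008 9:48:57 AM | Attr = ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
"""


def parse_entry(line):
    """Parse one entry line; return None for section headers and '*.tmp' counts."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = {"name": m.group("name"), "path": m.group("path"),
             "vendor": m.group("vendor").strip(), "folder": False,
             "version": "", "size": None, "created": None, "attr": ""}
    for field in m.group("fields").split("|"):
        key, _, value = field.strip().partition("=")
        key, value = key.strip(), value.strip()
        if key == "Folder":
            entry["folder"] = True
        elif key == "Ver":
            entry["version"] = value
        elif key == "Size":
            entry["size"] = int(value.split()[0])  # '14568 bytes' -> 14568
        elif key == "Created Date":
            entry["created"] = datetime.strptime(value, DATE_FMT)
        elif key == "Attr":
            entry["attr"] = value
    return entry


def load_entries(text):
    """All parseable entries of a scan log section, in log order."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


def created_near(entries, pivot, minutes=15):
    """Entries created within +/- `minutes` of `pivot`, oldest first."""
    window = timedelta(minutes=minutes)
    hits = [e for e in entries if e["created"] and abs(e["created"] - pivot) <= window]
    return sorted(hits, key=lambda e: e["created"])


def unattributed_binaries(entries):
    """Executable-type files with no publisher string: worth a second look, though
    legitimate installers (aaw2008.exe here) often lack one too."""
    exts = (".exe", ".dll", ".sys", ".scr", ".ocx")
    return [e for e in entries
            if not e["folder"] and not e["vendor"] and e["name"].lower().endswith(exts)]


if __name__ == "__main__":
    entries = load_entries(SAMPLE_LOG)
    # Pivot on the creation time of the folder the fix later removes (vszwzala).
    pivot = next(e["created"] for e in entries if e["name"] == "vszwzala")
    for e in created_near(entries, pivot):
        print(f"{e['created']:%Y-%m-%d %H:%M:%S}  {e['path']}")
    for e in unattributed_binaries(entries):
        print("no publisher:", e["path"])
```

On this excerpt the pivot groups `%ProgramFiles%\SAV` (created 47 seconds before the rogue data folder) with `vszwzala`, while the Malwarebytes install twelve minutes later marks where the cleanup began.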


#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:06:43 PM

Posted 17 September 2008 - 07:56 PM

Hello, InferionGhost.
You have a Peer-To-Peer program installed.
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case SoulSeek, Limewire). These programs allow users to share files between each other, as the name(s) suggest. In today's world, cyber crime has grown to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

We need to run an OTScanIt Fix
  • Please reopen OTScanIt
  • Click on Posted Image
  • In the Posted Image area copy and paste in the following (Do not include the word CODE)
    [Kill Explorer]
    [Unregister Dlls]
    [Registry - Non-Microsoft Only]
    < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
    YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> 
    YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Hd02siyXeI -> %AllUsersProfile%\Application Data\vszwzala\xqfabofw.exe [C:\Documents and Settings\All Users\Application Data\vszwzala\xqfabofw.exe]
    [Files/Folders - Created Within 30 days]
    NY -> Lop SD -> %SystemDrive%\Lop SD
    NY -> SDFix -> %SystemDrive%\SDFix
    NY -> Internet Logs -> %SystemRoot%\Internet Logs
    NY -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    [Files Created - Additional Folder Scans - Non-Microsoft Only]
    NY -> vszwzala -> %AllUsersProfile%\Application Data\vszwzala
    NY -> LopSD.exe -> %UserProfile%\Desktop\LopSD.exe
    NY -> SDFix.exe -> %UserProfile%\Desktop\SDFix.exe
    [Files/Folders - Modified Within 30 days]
    NY -> 10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
    NY -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    NY -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\ -> C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp
    [Empty Temp Folders]
    [Start Explorer]
    [Reboot]
  • Press the Posted Image button.
  • Copy/Paste the resultant report in a reply here
In your next reply, please include the following:
  • OtScanIt Fix Report

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 InferionGhost

InferionGhost
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 18 September 2008 - 01:39 AM

This is the log that was open when I rebooted:


Unable to kill explorer.exe
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run not found.
[Files/Folders - Created Within 30 days]
C:\Lop SD folder moved successfully.
C:\SDFix\apps\Replace\xp folder moved successfully.
C:\SDFix\apps\Replace\w2k folder moved successfully.
C:\SDFix\apps\Replace folder moved successfully.
C:\SDFix\apps folder moved successfully.
C:\SDFix folder moved successfully.
C:\WINDOWS\Internet Logs folder moved successfully.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
C:\Documents and Settings\All Users\Application Data\vszwzala folder moved successfully.
C:\Documents and Settings\Blood Golem.SENTINUS\Desktop\LopSD.exe moved successfully.
C:\Documents and Settings\Blood Golem.SENTINUS\Desktop\SDFix.exe moved successfully.
[Files/Folders - Modified Within 30 days]
C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\{268BE6BA-EE32-403B-AE03-C75D45689E07} folder moved successfully.
C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR folder moved successfully.
C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\_ISTMP2.DIR folder moved successfully.
C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR folder moved successfully.
C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\_ISTMP1.DIR folder moved successfully.
C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\WPDNSE folder moved successfully.
C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\WAS4FEF.tmp folder moved successfully.
C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem folder moved successfully.
Folder move failed. C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp scheduled to be moved on reboot.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\fla40.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\fla42.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\fla5A.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Application Data\Mozilla\Firefox\Profiles\w21hlvc0.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Application Data\Mozilla\Firefox\Profiles\w21hlvc0.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Application Data\Mozilla\Firefox\Profiles\w21hlvc0.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Application Data\Mozilla\Firefox\Profiles\w21hlvc0.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Application Data\Mozilla\Firefox\Profiles\w21hlvc0.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 09182008_010413

Files moved on Reboot...
C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp folder moved successfully.
File C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\fla40.tmp not found!
File C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\fla42.tmp not found!
File C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\fla5A.tmp not found!
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat not found!
C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Application Data\Mozilla\Firefox\Profiles\w21hlvc0.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Application Data\Mozilla\Firefox\Profiles\w21hlvc0.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Application Data\Mozilla\Firefox\Profiles\w21hlvc0.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Application Data\Mozilla\Firefox\Profiles\w21hlvc0.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Application Data\Mozilla\Firefox\Profiles\w21hlvc0.default\XUL.mfl moved successfully.
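As an added example (not part of this thread or of OTScanIt), the following Python reconciles a fix log like the one above: every item the fix deferred to reboot must reappear under `Files moved on Reboot...` as either moved or not found, and anything else is a leftover that still needs attention. The sample is an excerpt of the log above plus one constructed `example-leftover.tmp` line to show the unresolved case.

```python
"""Reconcile an OTScanIt fix log with its 'Files moved on Reboot...' section.

Added example for this thread; it is not part of OTScanIt or of the posts
above. Every item the fix deferred ('scheduled to be deleted/moved on reboot')
should show up after the reboot as 'moved successfully' or 'not found';
anything missing from that second list is a leftover.
"""
import re

DEFERRED_RE = re.compile(
    r"^(?:File delete failed|Folder move failed)\. (?P<path>.+?) "
    r"scheduled to be (?:deleted|moved) on reboot\.$"
)
MOVED_RE = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")
NOTFOUND_RE = re.compile(r"^File (?P<path>.+?) not found!$")
REBOOT_MARKER = "Files moved on Reboot"

# Excerpt of the fix log above; the example-leftover.tmp line is constructed
# (it is not in the real log) to show an item that never gets resolved.
SAMPLE_FIX_LOG = r"""
[Files/Folders - Modified Within 30 days]
C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\pdk-Blood Golem folder moved successfully.
Folder move failed. C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp scheduled to be moved on reboot.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\fla40.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Application Data\Mozilla\Firefox\Profiles\w21hlvc0.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\example-leftover.tmp scheduled to be deleted on reboot.
< End of fix log >

Files moved on Reboot...
C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp folder moved successfully.
File C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Temp\fla40.tmp not found!
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat not found!
C:\Documents and Settings\Blood Golem.SENTINUS\Local Settings\Application Data\Mozilla\Firefox\Profiles\w21hlvc0.default\Cache\_CACHE_001_ moved successfully.
"""


def reconcile(log_text):
    """Map each deferred path to 'moved', 'not found' or 'unresolved'.

    Only lines after the reboot marker count as outcomes: the 'moved
    successfully' lines of the first pass are the items that did not need
    deferring in the first place. Paths are compared case-insensitively, as
    Windows does.
    """
    deferred, outcome, after_reboot = [], {}, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(REBOOT_MARKER):
            after_reboot = True
            continue
        if not after_reboot:
            m = DEFERRED_RE.match(line)
            if m:
                deferred.append(m.group("path"))
            continue
        m = MOVED_RE.match(line)
        if m:
            outcome[m.group("path").lower()] = "moved"
            continue
        m = NOTFOUND_RE.match(line)
        if m:
            outcome[m.group("path").lower()] = "not found"
    return {p: outcome.get(p.lower(), "unresolved") for p in deferred}


def leftovers(status):
    """Deferred paths that never appeared in the post-reboot section."""
    return [p for p, s in status.items() if s == "unresolved"]


if __name__ == "__main__":
    status = reconcile(SAMPLE_FIX_LOG)
    for path, state in status.items():
        print(f"{state:10}  {path}")
    print("leftovers:", leftovers(status))
```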

#10 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:06:43 PM

Posted 18 September 2008 - 10:11 PM

Hello, InferionGhost.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe
  • Follow the on screen instructions to install the latest Java version.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "Select All" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista users: ESET is compatible, but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#11 InferionGhost

InferionGhost
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:08:43 PM

Posted 20 September 2008 - 04:24 AM

Here it is:
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3457 (20080919)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=d1d8985b3261784da5a2ae8df45ca34f
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-09-20 09:08:55
# local_time=2008-09-20 04:08:55 (-0600, Central Daylight Time)
# country="United States"
# osver=5.2.3790 NT Service Pack 1
# scanned=416384
# found=0
# scan_time=4417
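The ESET log posted above is a plain list of `# key=value` header lines, and the two fields a helper actually reads are `end` (did the scan complete) and `found` (how many objects were detected). As an added example, not part of this thread and not ESET's own code, here is a small parser that turns that header into a dictionary and summarizes it; the sample text is the header exactly as InferionGhost posted it, and the detection-line format that would follow when `found` is non-zero is deliberately not modelled because it is not shown on this page.

```python
"""Parse the '# key=value' header that ESET's Online Scanner writes to log.txt."""
import re

# Header lines as posted in this thread (post #11).
SAMPLE_LOG = """\
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3457 (20080919)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=d1d8985b3261784da5a2ae8df45ca34f
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-09-20 09:08:55
# local_time=2008-09-20 04:08:55 (-0600, Central Daylight Time)
# country="United States"
# osver=5.2.3790 NT Service Pack 1
# scanned=416384
# found=0
# scan_time=4417
"""

# A header line: '#', a key, '=', the rest of the line.
_HEADER_LINE = re.compile(r"^#\s*([^=]+?)\s*=\s*(.*?)\s*$")


def parse_eset_log(text: str) -> dict:
    """Return the header fields as a dict.

    Values 'true'/'false' become bool, pure digit strings become int,
    everything else stays a string (surrounding quotes removed).
    Lines that are not '# key=value' are ignored.
    """
    fields = {}
    for line in text.splitlines():
        m = _HEADER_LINE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if value in ("true", "false"):
            fields[key] = value == "true"
        elif value.isdigit():
            fields[key] = int(value)
        else:
            fields[key] = value.strip('"')
    return fields


def summarize(fields: dict) -> dict:
    """Interpret the header the way a helper reading the log would."""
    completed = fields.get("end") == "finished"
    found = fields.get("found", 0)
    # The signature database date sits in parentheses after the module number.
    m = re.search(r"\((\d{8})\)", str(fields.get("vers_standard_module", "")))
    return {
        "completed": completed,
        "scanned": fields.get("scanned", 0),
        "found": found,
        # 'remove_checked' means "Remove found threats" was ticked, so any
        # detections would already have been cleaned rather than only reported.
        "auto_remove_enabled": bool(fields.get("remove_checked")),
        "clean": completed and found == 0,
        "signature_date": m.group(1) if m else None,
    }


if __name__ == "__main__":
    print(summarize(parse_eset_log(SAMPLE_LOG)))
```

The `signature_date` field is worth checking alongside `found`: a scan reporting zero detections with signatures several weeks old says less than one run with current definitions, which is why the helper's instructions ask for the online scanner rather than the already-installed AVG.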

#12 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:06:43 PM

Posted 20 September 2008 - 11:33 PM

Hello, InferionGhost.
Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the OTCleanIt icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore the computer to any point earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident shield and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3
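The recommendations above suggest installing the MVPS hosts file, which works by mapping known ad and malware domains to `0.0.0.0` or `127.0.0.1` so the browser never reaches them. The same file is also a favourite target of rogue security software, which adds entries that point legitimate domains (typically security-vendor update sites) at an attacker-chosen address. As an added example, not from this thread or from the MVPS or HostMan projects, the script below parses a hosts file and separates harmless blocklist entries from entries that redirect a name somewhere other than the local machine; the sample hosts text is constructed for the example and uses reserved `.test` names and the documentation range 192.0.2.0/24.

```python
"""Audit a Windows hosts file: count blocklist entries and flag redirections."""

# Constructed sample. The first lines look like the default Windows file plus
# MVPS-style blocklist entries; the last two are the kind of redirection a
# hosts-file hijack adds (addresses and names are illustrative only).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
0.0.0.0  ads.example-network.test
0.0.0.0  www.example-adserver.test   # comment after an entry
127.0.0.1  tracker.example.test  stats.example.test
192.0.2.10  update.example-av.test
192.0.2.10  www.example-bank.test
"""

# Addresses that make an entry a sinkhole rather than a redirection.
BLOCK_TARGETS = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping in a hosts file.

    Comments (everything after '#') and blank lines are skipped, and a line
    that maps several names to one address yields one tuple per name.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # an address with no name is not a mapping
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower(), line_no


def audit_hosts(text):
    """Return {'blocked': n, 'redirects': [(line_no, ip, name), ...]}.

    'blocked' counts names sent to a block target (localhost itself excluded);
    'redirects' lists names pointed at any other address, which on a home PC
    is almost always something to investigate.
    """
    blocked = 0
    redirects = []
    for ip, name, line_no in parse_hosts(text):
        if ip in BLOCK_TARGETS:
            if name != "localhost":
                blocked += 1
        else:
            redirects.append((line_no, ip, name))
    return {"blocked": blocked, "redirects": redirects}


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"{result['blocked']} blocked names")
    for line_no, ip, name in result["redirects"]:
        print(f"line {line_no}: {name} -> {ip}  (redirect, check this)")
```

On a real machine you would read `C:\Windows\System32\drivers\etc\hosts` into `audit_hosts` instead of the constructed sample; any name in the `redirects` list that belongs to a vendor's update or download site is a sign the file was altered by something other than a blocklist installer.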

#13 InferionGhost

InferionGhost
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:08:43 PM

Posted 22 September 2008 - 11:33 AM

All anti-virus programs are coming back negative, and since the last reboot I have not seen a single false security pop up. I think we got it.

Thanks for all your help Bill!

#14 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:06:43 PM

Posted 22 September 2008 - 05:42 PM

Hello, InferionGhost.

You're very welcome :thumbsup:

Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
