
Virtumonde Infection- Still Traces Left?


  • This topic is locked
24 replies to this topic

#1 fabienne


Posted 06 September 2008 - 11:17 PM

Hi there,

First, I want to say thank you to this website for the clear, step-by-step instructions that it provided for attempting to get rid of the Virtumondo virus. I have spent all day following them, and I think I have been able to get rid of *most* of it, although I would really appreciate some help in tracking down the problems that still remain.

Here is a summary of my computer's problems and the steps I took to try and fix them:

Computer was very slow, lots of popups, pictures in websites were replaced with strange ads, couldn't do Google searches, couldn't turn Windows Update on without computer crashing/freezing.

Before coming to this site, I ran Spybot, which found a whole slew of things that I deleted. Then I downloaded SuperAntiSpyware, which found the following, which I also asked it to fix:
Adware.EbatesMoeMoneyMaker
Adware.TrackingCookie
Adware.Vundo Variant/Rel
Adware.WebRebates
Trojan.Unknown Origin
Trojan.Vundo-Variant/NextGen
Trojan.Vundo-Variant/NextGen-Six
Trojan.Vundo-Variant/Small-GEN

Still having problems, then tried Microsoft's scan, but it wouldn't run. Tried Symantec's virus scan- caused an IE error, wouldn't run.
Then found this website, and did the following:

Vundo Fix
VirtumondoBegone
Cleaned Temp internet files
Downloaded, updated, and scanned with Ad-Aware, fixed results until clean
Did another Spybot scan, which found Virtumonde.prx (5 instances) and Virtumonde (2 instances)
Tried to run Trend Micro Housecall, but it kept freezing after multiple attempts
Stinger- found nothing
Downloaded personal firewall
Windows updates
Computer restarted, and Spybot ran automatically at restart, and found DoubleClick, MediaPlex, and WebTrends Live, which I asked it to fix
McAfee window popped up and said that a potentially unwanted program was discovered- "PrcViewer"- clicked to delete it

When the Spybot scan was finished, I got a pop up box that read "Error loading c:\windows\system32\xtrmxtc.dll The specified module could not be found." I said ok, and then things seemed to be better than before. My home page is Comcast, and I did notice that where there is usually an ad, there was a portion of the IE error message page.

I'm pasting the results of my HijackThis scan, which I just ran. I'm guessing that there still may be remnants of this nasty thing lurking on my computer. Thank you so much in advance for any help you might be able to offer!

Best regards,
Fabienne

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:27 PM, on 9/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\1170708985\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170708985\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [10c7f39c] rundll32.exe "C:\WINDOWS\system32\dkbvddtq.dll",b
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [BM13f4c000] Rundll32.exe "C:\WINDOWS\system32\xtrmxtxc.dll",s
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Documents and Settings\Fabienne\Application Data\Ebates__MoeMoney__Maker\ebmmt\ebmmC5.htm (file missing) (HKCU)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://10.0.1.28/Remote/msrdp.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab53083.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O20 - AppInit_DLLs: kbztbm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 10452 bytes


#2 kahdah


Posted 07 September 2008 - 08:49 AM

Hello fabienne

Welcome to BleepingComputer :thumbsup:
========================
Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
===========================================
Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • File - Lop check
    • File - Purity Scan
    • Rootkit Search - Yes
    • Drivers - Non Microsoft
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 fabienne


Posted 07 September 2008 - 11:39 AM

Thanks for your help! Here is the log:

OTScanIt logfile created on: 9/7/2008 9:27:20 AM
OTScanIt by OldTimer - Version 1.0.19.0	 Folder = C:\Documents and Settings\Fabienne\My Documents\OTScanIt
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.07 Mb Total Physical Memory | 519.80 Mb Available Physical Memory | 51.26% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 45.58 Gb Free Space | 65.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP
Current User Name: Fabienne
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
smc.exe -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe ->  [Ver =  | Size = 32881 bytes | Modified Date = 11/19/2003 4:48:14 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 12:52:12 PM | Attr =	]
(pavboot) pavboot [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\pavboot.sys -> Panda Security, S.L. [Ver = 1.0.10.0  | Size = 28544 bytes | Modified Date = 6/19/2008 5:24:30 PM | Attr =	]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1010 | Size = 8944 bytes | Modified Date = 9/3/2008 2:07:14 PM | Attr =	]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS ->  SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1004 | Size = 7408 bytes | Modified Date = 9/3/2008 2:07:16 PM | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1062 | Size = 55024 bytes | Modified Date = 9/3/2008 2:07:12 PM | Attr =	]
(SDDMI2) SDDMI2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DDMI2.sys -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 1:07:44 PM | Attr =	]
(Teefer) Teefer for NT [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Modified Date = 10/15/2004 6:17:02 PM | Attr =	]
(wg3n) SyGate for NT, wg3n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:38 PM | Attr =	]
(wg4n) SyGate for NT, wg4n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:40 PM | Attr =	]
(wg5n) SyGate for NT, wg5n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:42 PM | Attr =	]
(wg6n) SyGate for NT, wg6n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:44 PM | Attr =	]
(wpsdrvnt) wpsdrvnt [Kernel | System | Running] -> %SystemRoot%\system32\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Modified Date = 10/15/2004 6:18:46 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
10c7f39c -> %SystemRoot%\system32\dkbvddtq.dll [rundll32.exe "C:\WINDOWS\system32\dkbvddtq.dll",b] ->  [Ver =  | Size = 82944 bytes | Modified Date = 9/5/2008 12:03:01 PM | Attr =	]
AOLDialer -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] -> File not found
BM13f4c000 -> %SystemRoot%\system32\xtrmxtxc.DLL [Rundll32.exe "C:\WINDOWS\system32\xtrmxtxc.dll",s] -> File not found
BrStsWnd -> %ProgramFiles%\Brownie\BrStsWnd.exe [C:\Program Files\Brownie\BrstsWnd.exe Autorun] -> brother [Ver = 3, 4, 7, 1 | Size = 815104 bytes | Modified Date = 7/31/2007 8:37:34 PM | Attr =	]
dscactivate -> %ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] ->   [Ver = 1.0.2767.18581 | Size = 16384 bytes | Modified Date = 11/15/2007 10:24:00 AM | Attr =	]
DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe ["C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"] -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 2/23/2005 3:19:56 PM | Attr =	]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> File not found
HostManager -> %CommonProgramFiles%\AOL\1170708985\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1170708985\ee\AOLSoftware.exe] -> AOL LLC [Ver = 15.4.1.2 | Size = 42032 bytes | Modified Date = 4/12/2007 2:23:31 PM | Attr =	]
igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 3:46:34 PM | Attr =	]
igfxpers -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 3:50:30 PM | Attr =	]
igfxtray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Modified Date = 10/14/2005 3:49:46 PM | Attr =	]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 9:44:02 AM | Attr =	]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 9:44:02 AM | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 9/26/2007 2:42:04 PM | Attr =	]
Lexmark 1200 Series -> %ProgramFiles%\Lexmark 1200 Series\lxczbmgr.exe ["C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"] -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 3/16/2006 12:07:30 AM | Attr =	]
mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 11/1/2007 7:12:38 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 6:24:52 AM | Attr =	]
RealTray -> %ProgramFiles%\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER] -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 1/31/2008 8:07:31 PM | Attr =	]
SmcService -> %ProgramFiles%\Sygate\SPF\Smc.exe [C:\PROGRA~1\Sygate\SPF\smc.exe -startgui] -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe [C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe] ->  [Ver =  | Size = 32881 bytes | Modified Date = 11/19/2003 4:48:14 PM | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 21, 0, 1004 | Size = 1576176 bytes | Modified Date = 9/3/2008 2:07:12 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 2/16/2004 8:13:54 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 1:06:00 AM | Attr = R  ]
< Fabienne Startup Folder > -> C:\Documents and Settings\Fabienne\Start Menu\Programs\Startup -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
kbztbm.dll ->  -> File not found
*MultiFile Done* -> -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 5/13/2008 10:13:36 AM | Attr =	]
{E1872FA4-6140-4868-B088-DD5407AE96AA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 5:12:19 PM | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 5:12:38 PM | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 5:12:24 PM | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 5:12:05 PM | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 5:12:41 PM | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1048 | Size = 352256 bytes | Modified Date = 7/23/2008 4:28:18 PM | Attr =	]
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4410 | Size = 135168 bytes | Modified Date = 10/14/2005 3:45:38 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\InstallVisualStyle -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\InstallTheme -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 11:40:46 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< Drives with AutoRun files > ->  -> 
AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 50 bytes | Modified Date = 7/29/2008 8:52:04 AM | Attr =	]
< HOSTS File > (263876 bytes and 9197 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
First 25 entries...
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com/ -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com/ -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant ->  -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.google.com/ig/dell?hl=en -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.comcast.net/home.html -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4804 domain(s) found. -> 
47 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4804 domain(s) found. -> 
objects_aol.com [*] -> Out of zone range - ( 5 ) -> 
47 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 11/3/2003 1:17:44 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{D0943516-5076-4020-A3B5-AEFAF26AB263} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [Veoh Browser Plug-in] -> Veoh Networks Inc [Ver = 1.0.1.6 | Size = 352256 bytes | Modified Date = 6/19/2008 3:03:50 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 3:22:56 PM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
{F2B441CC-E026-47fb-BDC3-A07750FA3D2C}\\ButtonText [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{F2B441CC-E026-47fb-BDC3-A07750FA3D2C}\\CLSID [HKEY_LOCAL_MACHINE] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found
{F2B441CC-E026-47fb-BDC3-A07750FA3D2C}\\Default Visible [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{F2B441CC-E026-47fb-BDC3-A07750FA3D2C}\\HotIcon [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{F2B441CC-E026-47fb-BDC3-A07750FA3D2C}\\Icon [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{F2B441CC-E026-47fb-BDC3-A07750FA3D2C}\\Script [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] ->  [Sun Java Console] -> File not found
CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E023F504-0C5A-4750-A1E7-A9046DEA8A21} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 3:22:56 PM | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
SnipeIt! eSnipe ->  -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{6E249E1A-14B8-4B96-A360-D41084487621} ->	(Intel(R) PRO/100 VE Network Connection) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{215B8138-A3CF-44C5-803F-8226143CFC0A}[HKEY_LOCAL_MACHINE] -> http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab[Trend Micro ActiveX Scan Agent 6.6] -> 
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab[ActiveScan 2.0 Installer Class] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll[YInstStarter Class] -> 
{406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://www.costcophotocenter.com/CostcoActivia.cab[Snapfish Activia] -> 
{5ED80217-570B-4DA9-BF44-BE107C0EC166}[HKEY_LOCAL_MACHINE] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab[Windows Live Safety Center Base Module] -> 
{7584C670-2274-4EFB-B00B-D6AABA6D3850}[HKEY_LOCAL_MACHINE] -> https://10.0.1.28/Remote/msrdp.cab[Microsoft RDP Client Control (redist)] -> 
{B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab[ZoneIntro Class] -> 
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}[HKEY_LOCAL_MACHINE] -> http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe[Virtools WebPlayer Class] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Housecall_ActiveX.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Housecall_ActiveX.dll\\.Owner -> {215B8138-A3CF-44C5-803F-8226143CFC0A} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Housecall_ActiveX.dll\\{215B8138-A3CF-44C5-803F-8226143CFC0A} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\.Owner -> {406B5949-7190-4245-91A9-30A17DE16AD0} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\{406B5949-7190-4245-91A9-30A17DE16AD0} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\.Owner -> {5ED80217-570B-4DA9-BF44-BE107C0EC166} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\{5ED80217-570B-4DA9-BF44-BE107C0EC166} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\Hype - The Time Quest -> Hype - The Time Quest -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\.Owner -> Hype - The Time Quest -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{215B8138-A3CF-44C5-803F-8226143CFC0A} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\\{215B8138-A3CF-44C5-803F-8226143CFC0A} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{215B8138-A3CF-44C5-803F-8226143CFC0A} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{215B8138-A3CF-44C5-803F-8226143CFC0A} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\Hype - The Time Quest -> Hype - The Time Quest -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\.Owner -> Hype - The Time Quest -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 5:12:00 PM | Attr =	]
C:\WINDOWS\system32\rqroLBTl ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 4/13/2008 5:11:56 PM | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 5:12:00 PM | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 4/13/2008 5:12:05 PM | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 4/13/2008 5:12:08 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 720 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 4/13/2008 5:12:05 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 4/13/2008 5:12:02 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> CA AE CA 5F A3 CC DB F9 A6 F9 B0 AA 05 5C 13 06 36 31 65 35 61 36 38 31 00 00 00 00 69 77 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 4A 30 3B 1F EA D6 E5 E1 6E BC 9D 61  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> DC AB 4B 99 A7 0E 81 CB 3C  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> C3 D4 E9 B8 7B AF  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 3E 8E 1E 43 C2 0D 3B 00 8B C6 AB 23 3A 83 E5 B2  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 76 C1 13 4F 37 B9 C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 5:12:36 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 44959 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/13/2008 5:11:55 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 5:12:34 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> %ProgramFiles%\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 11:53:32 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 5:12:34 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> %ProgramFiles%\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dpnsvr.exe -> %SystemRoot%\system32\dpnsvr.exe [C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server] -> Microsoft Corporation [Ver = 5.03.2600.5512 (xpsp.080413-0845) | Size = 17920 bytes | Modified Date = 4/13/2008 5:12:17 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 3:22:56 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91640 bytes | Modified Date = 3/27/2007 3:22:58 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1695232 bytes | Modified Date = 4/13/2008 5:12:28 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 11:53:32 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1170708985\ee\aolsoftware.exe -> %CommonProgramFiles%\AOL\1170708985\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1170708985\ee\aolsoftware.exe:*:Enabled:AOL Shared Components] -> AOL LLC [Ver = 15.4.1.2 | Size = 42032 bytes | Modified Date = 4/12/2007 2:23:31 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\LEXPPS.EXE -> %SystemRoot%\system32\LEXPPS.EXE [C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE] -> Lexmark International, Inc. [Ver = 9.47 | Size = 174592 bytes | Modified Date = 5/24/2004 11:22:06 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.4.3.1 | Size = 15997240 bytes | Modified Date = 9/26/2007 2:41:58 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe -> %ProgramFiles%\Pinnacle\VideoSpin\Programs\RM.exe [C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager] -> Pinnacle Systems [Ver = 7.1.1.542 | Size = 73728 bytes | Modified Date = 5/8/2008 4:19:10 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe -> %ProgramFiles%\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe [C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile] ->   [Ver = 1.0.2090.28238 | Size = 24576 bytes | Modified Date = 11/21/2006 5:05:58 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe -> %ProgramFiles%\Pinnacle\VideoSpin\Programs\umi.exe [C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi] -> Pinnacle Systems [Ver = 7.1.1.542 | Size = 81920 bytes | Modified Date = 5/8/2008 4:18:46 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe -> %ProgramFiles%\Pinnacle\VideoSpin\Programs\VideoSpin.exe [C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin] -> Pinnacle Systems [Ver = 1.1.2.542 | Size = 5091328 bytes | Modified Date = 5/8/2008 4:58:38 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Veoh Networks\Veoh\VeohClient.exe -> %ProgramFiles%\Veoh Networks\Veoh\VeohClient.exe [C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client] -> Veoh Networks [Ver = 3.9.6.1048 | Size = 3664944 bytes | Modified Date = 6/19/2008 3:15:12 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 12:17:27 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{4D9543B7-48A1-4573-81F4-38D009495C01} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{8F7086D5-DF65-4F75-ADA8-980FC70210B2} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 5:12:36 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 44 00 45 00 01 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/13/2008 5:12:11 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/13/2008 5:12:04 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 5:12:36 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 59904 bytes | Modified Date = 4/13/2008 5:12:04 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 73216 bytes | Modified Date = 4/13/2008 5:12:38 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/13/2008 5:12:04 PM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 9/5/2008 10:20:56 AM | Attr =  H ]
f3d19b0988538154420b91e2 -> %SystemDrive%\f3d19b0988538154420b91e2 ->  [Folder | Created Date = 9/4/2008 8:41:02 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1063407616 bytes | Created Date = 9/6/2008 9:38:29 AM | Attr =  HS]
Temp -> %SystemDrive%\Temp ->  [Folder | Created Date = 9/2/2008 8:53:45 PM | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 9/5/2008 10:41:36 PM | Attr =	]
pavboot.sys -> %SystemRoot%\System32\drivers\pavboot.sys -> Panda Security, S.L. [Ver = 1.0.10.0  | Size = 28544 bytes | Created Date = 9/5/2008 5:58:07 PM | Attr =	]
Teefer.sys -> %SystemRoot%\System32\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Created Date = 9/6/2008 6:11:06 PM | Attr =	]
wg3n.sys -> %SystemRoot%\System32\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 9/6/2008 6:11:07 PM | Attr =	]
wg4n.sys -> %SystemRoot%\System32\drivers\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 9/6/2008 6:11:08 PM | Attr =	]
wg5n.sys -> %SystemRoot%\System32\drivers\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 9/6/2008 6:11:08 PM | Attr =	]
wg6n.sys -> %SystemRoot%\System32\drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 9/6/2008 6:11:09 PM | Attr =	]
wpsdrvnt.sys -> %SystemRoot%\System32\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Created Date = 9/6/2008 6:11:05 PM | Attr =	]
adywkz.dll -> %SystemRoot%\System32\adywkz.dll ->  [Ver =  | Size = 107520 bytes | Created Date = 9/2/2008 11:12:20 PM | Attr =	]
dkbvddtq.dll -> %SystemRoot%\System32\dkbvddtq.dll ->  [Ver =  | Size = 82944 bytes | Created Date = 9/5/2008 12:02:58 PM | Attr =	]
eybshinx.dll -> %SystemRoot%\System32\eybshinx.dll ->  [Ver =  | Size = 119808 bytes | Created Date = 9/3/2008 11:35:46 PM | Attr =	]
gbesenvs.dll -> %SystemRoot%\System32\gbesenvs.dll ->  [Ver =  | Size = 107520 bytes | Created Date = 9/2/2008 11:33:30 PM | Attr =	]
GDIPFONTCACHEV1.DAT -> %SystemRoot%\System32\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 41000 bytes | Created Date = 9/3/2008 11:29:01 PM | Attr =	]
gphfgyvg.dll -> %SystemRoot%\System32\gphfgyvg.dll ->  [Ver =  | Size = 82944 bytes | Created Date = 9/3/2008 11:33:17 AM | Attr =	]
gpwdtfkl.ini -> %SystemRoot%\System32\gpwdtfkl.ini ->  [Ver =  | Size = 1436097 bytes | Created Date = 9/2/2008 11:05:06 PM | Attr =  HS]
gvygfhpg.ini -> %SystemRoot%\System32\gvygfhpg.ini ->  [Ver =  | Size = 1308747 bytes | Created Date = 9/3/2008 11:33:29 AM | Attr =  HS]
jyjeepms.dll -> %SystemRoot%\System32\jyjeepms.dll ->  [Ver =  | Size = 119808 bytes | Created Date = 9/5/2008 11:59:42 AM | Attr =	]
kqcxfluq.dll -> %SystemRoot%\System32\kqcxfluq.dll ->  [Ver =  | Size = 107520 bytes | Created Date = 9/2/2008 11:08:05 PM | Attr =	]
ksaerfop.dll -> %SystemRoot%\System32\ksaerfop.dll ->  [Ver =  | Size = 89600 bytes | Created Date = 9/2/2008 11:32:44 PM | Attr =	]
lkftdwpg.dll -> %SystemRoot%\System32\lkftdwpg.dll ->  [Ver =  | Size = 82944 bytes | Created Date = 9/2/2008 11:05:05 PM | Attr =	]
lTBLorqr.ini -> %SystemRoot%\System32\lTBLorqr.ini ->  [Ver =  | Size = 885842 bytes | Created Date = 9/2/2008 8:59:04 PM | Attr =  HS]
lTBLorqr.ini2 -> %SystemRoot%\System32\lTBLorqr.ini2 ->  [Ver =  | Size = 885842 bytes | Created Date = 9/2/2008 8:59:04 PM | Attr =  HS]
lurjuqcn.ini -> %SystemRoot%\System32\lurjuqcn.ini ->  [Ver =  | Size = 1451879 bytes | Created Date = 9/3/2008 11:38:47 PM | Attr =  HS]
mpujgpgd.dll -> %SystemRoot%\System32\mpujgpgd.dll ->  [Ver =  | Size = 89600 bytes | Created Date = 9/2/2008 11:02:05 PM | Attr =	]
neiwirwp.dll -> %SystemRoot%\System32\neiwirwp.dll ->  [Ver =  | Size = 107520 bytes | Created Date = 9/2/2008 9:02:05 PM | Attr =	]
nnyppq.dll -> %SystemRoot%\System32\nnyppq.dll ->  [Ver =  | Size = 107520 bytes | Created Date = 9/2/2008 9:02:08 PM | Attr =	]
ouqpxp.dll -> %SystemRoot%\System32\ouqpxp.dll ->  [Ver =  | Size = 119808 bytes | Created Date = 9/3/2008 11:35:48 PM | Attr =	]
qtddvbkd.ini -> %SystemRoot%\System32\qtddvbkd.ini ->  [Ver =  | Size = 1453425 bytes | Created Date = 9/5/2008 12:03:01 PM | Attr =  HS]
quartz.vxd -> %SystemRoot%\System32\quartz.vxd ->  [Ver =  | Size = 5672 bytes | Created Date = 8/10/2008 2:08:46 PM | Attr =	]
rsfbckdq.dll -> %SystemRoot%\System32\rsfbckdq.dll ->  [Ver =  | Size = 107520 bytes | Created Date = 9/2/2008 11:12:16 PM | Attr =	]
sbryyeis.dll -> %SystemRoot%\System32\sbryyeis.dll ->  [Ver =  | Size = 119808 bytes | Created Date = 9/3/2008 11:33:04 AM | Attr =	]
sbteekwl.ini -> %SystemRoot%\System32\sbteekwl.ini ->  [Ver =  | Size = 1451567 bytes | Created Date = 9/2/2008 11:34:44 PM | Attr =  HS]
sijwohuu.ini -> %SystemRoot%\System32\sijwohuu.ini ->  [Ver =  | Size = 1436037 bytes | Created Date = 9/2/2008 9:00:26 PM | Attr =  HS]
SSSensor.dll -> %SystemRoot%\System32\SSSensor.dll -> Sygate Technologies, Inc. [Ver = 5. 5. 0. 5 | Size = 83096 bytes | Created Date = 9/6/2008 6:11:02 PM | Attr =	]
tktubwhf.ini -> %SystemRoot%\System32\tktubwhf.ini ->  [Ver =  | Size = 1436037 bytes | Created Date = 9/2/2008 11:14:43 PM | Attr =  HS]
tm20dec.ax -> %SystemRoot%\System32\tm20dec.ax -> The Duck Corporation [Ver = 2.98.3.16 | Size = 140800 bytes | Created Date = 8/10/2008 2:09:30 PM | Attr =	]
VELkQqss.ini -> %SystemRoot%\System32\VELkQqss.ini ->  [Ver =  | Size = 358 bytes | Created Date = 9/3/2008 9:57:33 AM | Attr =  HS]
VELkQqss.ini2 -> %SystemRoot%\System32\VELkQqss.ini2 ->  [Ver =  | Size = 347 bytes | Created Date = 9/3/2008 9:57:33 AM | Attr =  HS]
vidx16.dll -> %SystemRoot%\System32\vidx16.dll ->  [Ver =  | Size = 10240 bytes | Created Date = 8/10/2008 2:08:47 PM | Attr =	]
wauviqpo.dll -> %SystemRoot%\System32\wauviqpo.dll ->  [Ver =  | Size = 89600 bytes | Created Date = 9/2/2008 11:12:07 PM | Attr =	]
wouvpu.dll -> %SystemRoot%\System32\wouvpu.dll ->  [Ver =  | Size = 107520 bytes | Created Date = 9/2/2008 11:08:07 PM | Attr =	]
wTR19 -> %SystemRoot%\System32\wTR19 ->  [Folder | Created Date = 9/2/2008 8:53:45 PM | Attr =	]
5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
xejuwc.dll -> %SystemRoot%\System32\xejuwc.dll ->  [Ver =  | Size = 119808 bytes | Created Date = 9/3/2008 11:33:07 AM | Attr =	]
xithoq.dll -> %SystemRoot%\System32\xithoq.dll ->  [Ver =  | Size = 107520 bytes | Created Date = 9/2/2008 11:33:35 PM | Attr =	]
YJkknnpo.ini -> %SystemRoot%\System32\YJkknnpo.ini ->  [Ver =  | Size = 854390 bytes | Created Date = 9/3/2008 8:43:31 PM | Attr =  HS]
YJkknnpo.ini2 -> %SystemRoot%\System32\YJkknnpo.ini2 ->  [Ver =  | Size = 854390 bytes | Created Date = 9/3/2008 8:43:33 PM | Attr =  HS]
BM13f4c000.xml -> %SystemRoot%\BM13f4c000.xml ->  [Ver =  | Size = 111578 bytes | Created Date = 9/2/2008 11:02:07 PM | Attr =	]
cookies.ini -> %SystemRoot%\cookies.ini ->  [Ver =  | Size = 29590 bytes | Created Date = 9/2/2008 11:48:36 PM | Attr =	]
CSC -> %SystemRoot%\CSC ->  [Folder | Created Date = 9/5/2008 11:06:21 PM | Attr =  HS]
7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
[Files Created - Additional Folder Scans - Non-Microsoft Only]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com ->  [Folder | Created Date = 9/5/2008 3:49:10 PM | Attr =	]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 9/5/2008 3:48:39 PM | Attr =	]
BUDGET 82208.xls -> %UserProfile%\My Documents\BUDGET 82208.xls ->  [Ver =  | Size = 19968 bytes | Created Date = 8/21/2008 11:14:26 PM | Attr =	]
firewall.msi -> %UserProfile%\My Documents\firewall.msi ->  [Ver =  | Size = 5659648 bytes | Created Date = 9/6/2008 6:09:50 PM | Attr =	]
My Received Files -> %UserProfile%\My Documents\My Received Files ->  [Folder | Created Date = 9/5/2008 7:32:53 PM | Attr =	]
3 C:\Documents and Settings\Fabienne\My Documents\*.tmp files -> C:\Documents and Settings\Fabienne\My Documents\*.tmp -> 
OTScanIt -> %UserProfile%\My Documents\OTScanIt ->  [Folder | Created Date = 9/7/2008 8:46:59 AM | Attr =	]
OTScanIt.exe -> %UserProfile%\My Documents\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Created Date = 9/7/2008 8:46:40 AM | Attr =	]
rr-free-setup.exe -> %UserProfile%\My Documents\rr-free-setup.exe -> Malwarebytes												 [Ver = 1.0.0.0			  | Size = 690568 bytes | Created Date = 9/5/2008 10:27:48 PM | Attr =	]
VirtumundoBeGone.exe -> %UserProfile%\My Documents\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Created Date = 9/5/2008 11:15:22 PM | Attr =	]
WEIGHT RECORD.xls -> %UserProfile%\My Documents\WEIGHT RECORD.xls ->  [Ver =  | Size = 15872 bytes | Created Date = 8/22/2008 3:29:09 PM | Attr =	]
ww log.xls -> %UserProfile%\My Documents\ww log.xls ->  [Ver =  | Size = 17920 bytes | Created Date = 8/22/2008 3:24:51 PM | Attr =	]
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk ->  [Ver =  | Size = 793 bytes | Created Date = 9/6/2008 10:17:17 AM | Attr =	]
Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk ->  [Ver =  | Size = 793 bytes | Created Date = 9/6/2008 10:17:17 AM | Attr =	]
RogueRemover FREE.lnk -> %AllUsersProfile%\Desktop\RogueRemover FREE.lnk ->  [Ver =  | Size = 695 bytes | Created Date = 9/5/2008 10:28:24 PM | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Created Date = 9/5/2008 3:48:44 PM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1739 bytes | Created Date = 9/5/2008 10:14:19 PM | Attr =	]
To Play Hype - The Time Quest.lnk -> %UserProfile%\Desktop\To Play Hype - The Time Quest.lnk ->  [Ver =  | Size = 1557 bytes | Created Date = 8/10/2008 2:12:03 PM | Attr =	]
VirtumundoBeGone.exe -> %UserProfile%\Desktop\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Created Date = 9/5/2008 11:10:57 PM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 9/5/2008 3:48:03 PM | Attr =	]
Microsoft Silverlight -> %ProgramFiles%\Microsoft Silverlight ->  [Folder | Created Date = 9/5/2008 9:43:44 PM | Attr =	]
Panda Security -> %ProgramFiles%\Panda Security ->  [Folder | Created Date = 9/5/2008 5:57:48 PM | Attr =	]
RogueRemover FREE -> %ProgramFiles%\RogueRemover FREE ->  [Folder | Created Date = 9/5/2008 10:28:23 PM | Attr =	]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware ->  [Folder | Created Date = 9/5/2008 3:48:39 PM | Attr =	]
Sygate -> %ProgramFiles%\Sygate ->  [Folder | Created Date = 9/6/2008 6:10:53 PM | Attr =	]
Windows Live Safety Center -> %ProgramFiles%\Windows Live Safety Center ->  [Folder | Created Date = 9/5/2008 10:22:28 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 210 bytes | Modified Date = 9/6/2008 9:37:46 AM | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1063407616 bytes | Modified Date = 9/7/2008 9:23:41 AM | Attr =  HS]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 263876 bytes | Modified Date = 9/6/2008 1:33:45 PM | Attr = R  ]
adywkz.dll -> %SystemRoot%\System32\adywkz.dll ->  [Ver =  | Size = 107520 bytes | Modified Date = 9/2/2008 11:12:19 PM | Attr =	]
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Modified Date = 8/10/2008 2:09:00 PM | Attr =	]
5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
Config.MPF -> %SystemRoot%\System32\Config.MPF ->  [Ver =  | Size = 3804 bytes | Modified Date = 9/7/2008 9:25:29 AM | Attr =	]
dkbvddtq.dll -> %SystemRoot%\System32\dkbvddtq.dll ->  [Ver =  | Size = 82944 bytes | Modified Date = 9/5/2008 12:03:01 PM | Attr =	]
eybshinx.dll -> %SystemRoot%\System32\eybshinx.dll ->  [Ver =  | Size = 119808 bytes | Modified Date = 9/3/2008 11:35:48 PM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 163528 bytes | Modified Date = 9/5/2008 7:31:45 PM | Attr =	]
gbesenvs.dll -> %SystemRoot%\System32\gbesenvs.dll ->  [Ver =  | Size = 107520 bytes | Modified Date = 9/2/2008 11:33:33 PM | Attr =	]
GDIPFONTCACHEV1.DAT -> %SystemRoot%\System32\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 41000 bytes | Modified Date = 9/3/2008 11:29:01 PM | Attr =	]
gphfgyvg.dll -> %SystemRoot%\System32\gphfgyvg.dll ->  [Ver =  | Size = 82944 bytes | Modified Date = 9/3/2008 11:33:18 AM | Attr =	]
gpwdtfkl.ini -> %SystemRoot%\System32\gpwdtfkl.ini ->  [Ver =  | Size = 1436097 bytes | Modified Date = 9/2/2008 11:05:26 PM | Attr =  HS]
gvygfhpg.ini -> %SystemRoot%\System32\gvygfhpg.ini ->  [Ver =  | Size = 1308747 bytes | Modified Date = 9/3/2008 11:33:44 AM | Attr =  HS]
jyjeepms.dll -> %SystemRoot%\System32\jyjeepms.dll ->  [Ver =  | Size = 119808 bytes | Modified Date = 9/5/2008 11:59:43 AM | Attr =	]
kqcxfluq.dll -> %SystemRoot%\System32\kqcxfluq.dll ->  [Ver =  | Size = 107520 bytes | Modified Date = 9/2/2008 11:08:07 PM | Attr =	]
ksaerfop.dll -> %SystemRoot%\System32\ksaerfop.dll ->  [Ver =  | Size = 89600 bytes | Modified Date = 9/2/2008 11:32:46 PM | Attr =	]
lkftdwpg.dll -> %SystemRoot%\System32\lkftdwpg.dll ->  [Ver =  | Size = 82944 bytes | Modified Date = 9/2/2008 11:05:06 PM | Attr =	]
lTBLorqr.ini -> %SystemRoot%\System32\lTBLorqr.ini ->  [Ver =  | Size = 885842 bytes | Modified Date = 9/5/2008 4:49:45 PM | Attr =  HS]
lTBLorqr.ini2 -> %SystemRoot%\System32\lTBLorqr.ini2 ->  [Ver =  | Size = 885842 bytes | Modified Date = 9/5/2008 4:47:21 PM | Attr =  HS]
lurjuqcn.ini -> %SystemRoot%\System32\lurjuqcn.ini ->  [Ver =  | Size = 1451879 bytes | Modified Date = 9/5/2008 12:02:09 PM | Attr =  HS]
mpujgpgd.dll -> %SystemRoot%\System32\mpujgpgd.dll ->  [Ver =  | Size = 89600 bytes | Modified Date = 9/2/2008 11:02:07 PM | Attr =	]
neiwirwp.dll -> %SystemRoot%\System32\neiwirwp.dll ->  [Ver =  | Size = 107520 bytes | Modified Date = 9/2/2008 9:02:08 PM | Attr =	]
nnyppq.dll -> %SystemRoot%\System32\nnyppq.dll ->  [Ver =  | Size = 107520 bytes | Modified Date = 9/2/2008 9:02:08 PM | Attr =	]
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Modified Date = 8/10/2008 2:09:00 PM | Attr =	]
ouqpxp.dll -> %SystemRoot%\System32\ouqpxp.dll ->  [Ver =  | Size = 119808 bytes | Modified Date = 9/3/2008 11:35:48 PM | Attr =	]
qtddvbkd.ini -> %SystemRoot%\System32\qtddvbkd.ini ->  [Ver =  | Size = 1453425 bytes | Modified Date = 9/7/2008 9:26:43 AM | Attr =  HS]
rsfbckdq.dll -> %SystemRoot%\System32\rsfbckdq.dll ->  [Ver =  | Size = 107520 bytes | Modified Date = 9/2/2008 11:12:19 PM | Attr =	]
sbryyeis.dll -> %SystemRoot%\System32\sbryyeis.dll ->  [Ver =  | Size = 119808 bytes | Modified Date = 9/3/2008 11:33:07 AM | Attr =	]
sbteekwl.ini -> %SystemRoot%\System32\sbteekwl.ini ->  [Ver =  | Size = 1451567 bytes | Modified Date = 9/3/2008 11:37:07 PM | Attr =  HS]
sijwohuu.ini -> %SystemRoot%\System32\sijwohuu.ini ->  [Ver =  | Size = 1436037 bytes | Modified Date = 9/2/2008 9:00:34 PM | Attr =  HS]
tktubwhf.ini -> %SystemRoot%\System32\tktubwhf.ini ->  [Ver =  | Size = 1436037 bytes | Modified Date = 9/2/2008 11:14:54 PM | Attr =  HS]
VELkQqss.ini -> %SystemRoot%\System32\VELkQqss.ini ->  [Ver =  | Size = 358 bytes | Modified Date = 9/3/2008 9:57:58 AM | Attr =  HS]
VELkQqss.ini2 -> %SystemRoot%\System32\VELkQqss.ini2 ->  [Ver =  | Size = 347 bytes | Modified Date = 9/3/2008 9:57:33 AM | Attr =  HS]
wauviqpo.dll -> %SystemRoot%\System32\wauviqpo.dll ->  [Ver =  | Size = 89600 bytes | Modified Date = 9/2/2008 11:12:08 PM | Attr =	]
wouvpu.dll -> %SystemRoot%\System32\wouvpu.dll ->  [Ver =  | Size = 107520 bytes | Modified Date = 9/2/2008 11:08:07 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 9/2/2008 2:03:32 PM | Attr =	]
xejuwc.dll -> %SystemRoot%\System32\xejuwc.dll ->  [Ver =  | Size = 119808 bytes | Modified Date = 9/3/2008 11:33:07 AM | Attr =	]
xithoq.dll -> %SystemRoot%\System32\xithoq.dll ->  [Ver =  | Size = 107520 bytes | Modified Date = 9/2/2008 11:33:33 PM | Attr =	]
YJkknnpo.ini -> %SystemRoot%\System32\YJkknnpo.ini ->  [Ver =  | Size = 854390 bytes | Modified Date = 9/3/2008 11:19:34 PM | Attr =  HS]
YJkknnpo.ini2 -> %SystemRoot%\System32\YJkknnpo.ini2 ->  [Ver =  | Size = 854390 bytes | Modified Date = 9/3/2008 11:20:25 PM | Attr =  HS]
7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
BM13f4c000.xml -> %SystemRoot%\BM13f4c000.xml ->  [Ver =  | Size = 111578 bytes | Modified Date = 9/6/2008 1:26:16 PM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 9/7/2008 9:23:46 AM | Attr =   S]
Brownie.ini -> %SystemRoot%\Brownie.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 9/7/2008 9:22:50 AM | Attr =	]
cookies.ini -> %SystemRoot%\cookies.ini ->  [Ver =  | Size = 29590 bytes | Modified Date = 9/6/2008 6:00:34 PM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 8/18/2008 3:07:20 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 9/7/2008 9:24:45 AM | Attr =  H ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 9/6/2008 9:37:46 AM | Attr =	]
Thumbs.db -> %SystemRoot%\Thumbs.db ->  [Ver =  | Size = 8192 bytes | Modified Date = 9/5/2008 10:19:22 PM | Attr =  HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 538 bytes | Modified Date = 9/6/2008 9:37:46 AM | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 837 bytes | Modified Date = 9/6/2008 1:25:44 PM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 9/5/2008 11:52:02 PM | Attr =	]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job ->  [Ver =  | Size = 346 bytes | Modified Date = 8/15/2008 1:42:59 AM | Attr =	]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job ->  [Ver =  | Size = 338 bytes | Modified Date = 9/1/2008 1:00:01 AM | Attr =	]
rpc.job -> %SystemRoot%\tasks\rpc.job ->  [Ver =  | Size = 386 bytes | Modified Date = 9/7/2008 9:00:01 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 9/7/2008 9:24:09 AM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 1/13/2006 12:08:19 AM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 8/18/2008 8:33:06 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5495 bytes | Modified Date = 8/18/2008 8:32:40 PM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data ->  [Folder | Modified Date = 4/20/2006 7:03:44 PM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1516 bytes | Modified Date = 4/20/2006 7:51:50 PM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing ->  [Folder | Modified Date = 9/5/2008 5:02:48 PM | Attr =	]
1e5087d3-4b65-3a13-e56e-f8c0b01c389d.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\1e5087d3-4b65-3a13-e56e-f8c0b01c389d.dat ->  [Ver =  | Size = 3338 bytes | Modified Date = 5/18/2008 10:42:47 PM | Attr =	]
7fc76939-1749-9389-638e-b057f3111dfe.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\7fc76939-1749-9389-638e-b057f3111dfe.dat ->  [Ver =  | Size = 8266 bytes | Modified Date = 5/18/2008 10:42:47 PM | Attr =	]
C:\Documents and Settings\Fabienne\Local Settings\Temp\ -> C:\Documents and Settings\Fabienne\Local Settings\Temp ->  [Folder | Modified Date = 9/7/2008 9:26:37 AM | Attr =	]
rtdrvmon.exe -> C:\Documents and Settings\Fabienne\Local Settings\Temp\rtdrvmon.exe -> Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 9/7/2008 9:24:57 AM | Attr =	]
SSUPDATE.EXE -> C:\Documents and Settings\Fabienne\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1034 | Size = 158960 bytes | Modified Date = 9/3/2008 2:07:10 PM | Attr =	]
1 C:\Documents and Settings\Fabienne\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Fabienne\Local Settings\Temp\*.tmp -> 
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 8704 bytes | Modified Date = 9/5/2008 10:00:08 PM | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 39008 bytes | Modified Date = 9/5/2008 5:52:17 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 4309186 bytes | Modified Date = 9/7/2008 9:22:34 AM | Attr =  H ]
PCLECHAL.INI -> %AllUsersProfile%\Documents\PCLECHAL.INI ->  [Ver =  | Size = 349 bytes | Modified Date = 9/2/2008 2:02:34 PM | Attr =	]
BUDGET 82208.xls -> %UserProfile%\My Documents\BUDGET 82208.xls ->  [Ver =  | Size = 19968 bytes | Modified Date = 9/6/2008 11:49:15 AM | Attr =	]
firewall.msi -> %UserProfile%\My Documents\firewall.msi ->  [Ver =  | Size = 5659648 bytes | Modified Date = 9/6/2008 6:10:16 PM | Attr =	]
3 C:\Documents and Settings\Fabienne\My Documents\*.tmp files -> C:\Documents and Settings\Fabienne\My Documents\*.tmp -> 
OTScanIt.exe -> %UserProfile%\My Documents\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Modified Date = 9/7/2008 8:46:44 AM | Attr =	]
rr-free-setup.exe -> %UserProfile%\My Documents\rr-free-setup.exe -> Malwarebytes												 [Ver = 1.0.0.0			  | Size = 690568 bytes | Modified Date = 9/5/2008 10:27:54 PM | Attr =	]
VirtumundoBeGone.exe -> %UserProfile%\My Documents\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Modified Date = 9/5/2008 11:15:22 PM | Attr =	]
WEIGHT RECORD.xls -> %UserProfile%\My Documents\WEIGHT RECORD.xls ->  [Ver =  | Size = 15872 bytes | Modified Date = 8/22/2008 3:29:09 PM | Attr =	]
ww log.xls -> %UserProfile%\My Documents\ww log.xls ->  [Ver =  | Size = 17920 bytes | Modified Date = 8/22/2008 3:29:12 PM | Attr =	]
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk ->  [Ver =  | Size = 793 bytes | Modified Date = 9/6/2008 10:17:17 AM | Attr =	]
Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk ->  [Ver =  | Size = 793 bytes | Modified Date = 9/6/2008 10:17:17 AM | Attr =	]
RogueRemover FREE.lnk -> %AllUsersProfile%\Desktop\RogueRemover FREE.lnk ->  [Ver =  | Size = 695 bytes | Modified Date = 9/5/2008 10:28:24 PM | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Modified Date = 9/5/2008 3:48:45 PM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1739 bytes | Modified Date = 9/6/2008 9:00:08 PM | Attr =	]
To Play Hype - The Time Quest.lnk -> %UserProfile%\Desktop\To Play Hype - The Time Quest.lnk ->  [Ver =  | Size = 1557 bytes | Modified Date = 8/10/2008 2:12:03 PM | Attr =	]
VirtumundoBeGone.exe -> %UserProfile%\Desktop\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Modified Date = 9/5/2008 11:11:03 PM | Attr =	]
Windows Media Player.lnk -> %UserProfile%\Desktop\Windows Media Player.lnk ->  [Ver =  | Size = 782 bytes | Modified Date = 8/10/2008 2:09:09 PM | Attr =	]

[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
Application Data -> C:\Documents and Settings\All Users\Application Data ->  [Folder | Modified Date = 9/6/2008 10:17:10 AM | Attr = RH ]
Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe ->  [Folder | Modified Date = 7/6/2007 3:57:35 PM | Attr =	]
AOL -> C:\Documents and Settings\All Users\Application Data\AOL ->  [Folder | Modified Date = 7/4/2008 8:58:17 PM | Attr =	]
AOL Downloads -> C:\Documents and Settings\All Users\Application Data\AOL Downloads ->  [Folder | Modified Date = 7/4/2008 8:32:20 PM | Attr =	]
AOL OCP -> C:\Documents and Settings\All Users\Application Data\AOL OCP ->  [Folder | Modified Date = 7/4/2008 8:34:45 PM | Attr =	]
Apple -> C:\Documents and Settings\All Users\Application Data\Apple ->  [Folder | Modified Date = 11/3/2007 8:26:53 PM | Attr =	]
Apple Computer -> C:\Documents and Settings\All Users\Application Data\Apple Computer ->  [Folder | Modified Date = 9/19/2006 5:31:50 PM | Attr =	]
Avg7 -> C:\Documents and Settings\All Users\Application Data\Avg7 ->  [Folder | Modified Date = 7/4/2008 4:58:54 PM | Attr =	]
CopyPod -> C:\Documents and Settings\All Users\Application Data\CopyPod ->  [Folder | Modified Date = 3/18/2006 10:39:38 PM | Attr =	]
Dell -> C:\Documents and Settings\All Users\Application Data\Dell ->  [Folder | Modified Date = 1/31/2008 7:15:32 PM | Attr =	]
Ebates__MoeMoney__Maker -> C:\Documents and Settings\All Users\Application Data\Ebates__MoeMoney__Maker ->  [Folder | Modified Date = 6/29/2007 9:46:16 AM | Attr =	]
Google -> C:\Documents and Settings\All Users\Application Data\Google ->  [Folder | Modified Date = 9/5/2008 4:59:51 PM | Attr =	]
InstallShield -> C:\Documents and Settings\All Users\Application Data\InstallShield ->  [Folder | Modified Date = 1/13/2006 12:15:33 AM | Attr =	]
Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft ->  [Folder | Modified Date = 9/6/2008 10:18:15 AM | Attr =	]
McAfee -> C:\Documents and Settings\All Users\Application Data\McAfee ->  [Folder | Modified Date = 7/4/2008 5:16:34 PM | Attr =	]
Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft ->  [Folder | Modified Date = 9/5/2008 5:38:49 PM | Attr =   S]
Office Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage ->  [Folder | Modified Date = 12/11/2006 12:10:43 PM | Attr =	]
PferdeHof -> C:\Documents and Settings\All Users\Application Data\PferdeHof ->  [Folder | Modified Date = 5/21/2008 9:40:00 AM | Attr =	]
Pinnacle -> C:\Documents and Settings\All Users\Application Data\Pinnacle ->  [Folder | Modified Date = 7/1/2008 12:35:56 PM | Attr =	]
Pinnacle VideoSpin -> C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin ->  [Folder | Modified Date = 7/1/2008 12:44:12 PM | Attr =	]
QuickTime -> C:\Documents and Settings\All Users\Application Data\QuickTime ->  [Folder | Modified Date = 1/13/2006 12:14:53 AM | Attr =	]
Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/5/2008 3:21:41 PM | Attr =	]
SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com ->  [Folder | Modified Date = 9/5/2008 3:49:10 PM | Attr =	]
SupportSoft -> C:\Documents and Settings\All Users\Application Data\SupportSoft ->  [Folder | Modified Date = 1/31/2008 7:16:13 PM | Attr =	]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP ->  [Folder | Modified Date = 7/18/2008 7:26:09 PM | Attr =	]
@Alternate Data Stream - 135 bytes -> %AllUsersProfile%\Application Data\TEMP:5A823589
@Alternate Data Stream - 128 bytes -> %AllUsersProfile%\Application Data\TEMP:A2947BEA
VideoSpin -> C:\Documents and Settings\All Users\Application Data\VideoSpin ->  [Folder | Modified Date = 7/1/2008 12:39:30 PM | Attr =	]
Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint ->  [Folder | Modified Date = 2/14/2007 9:18:08 PM | Attr =	]
Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage ->  [Folder | Modified Date = 3/22/2006 11:37:35 PM | Attr =	]
Winferno -> C:\Documents and Settings\All Users\Application Data\Winferno ->  [Folder | Modified Date = 2/4/2008 5:21:08 PM | Attr =	]
Yahoo -> C:\Documents and Settings\All Users\Application Data\Yahoo ->  [Folder | Modified Date = 4/3/2007 7:46:55 PM | Attr =	]
Yahoo! -> C:\Documents and Settings\All Users\Application Data\Yahoo! ->  [Folder | Modified Date = 5/22/2007 3:04:45 PM | Attr =	]
Application Data -> C:\Documents and Settings\Fabienne\Application Data ->  [Folder | Modified Date = 9/5/2008 3:48:39 PM | Attr = RH ]
Adobe -> C:\Documents and Settings\Fabienne\Application Data\Adobe ->  [Folder | Modified Date = 7/10/2008 8:44:52 PM | Attr =	]
AdobeUM -> C:\Documents and Settings\Fabienne\Application Data\AdobeUM ->  [Folder | Modified Date = 8/17/2008 10:00:31 AM | Attr =	]
AOL -> C:\Documents and Settings\Fabienne\Application Data\AOL ->  [Folder | Modified Date = 7/4/2008 8:57:13 PM | Attr =	]
Apple Computer -> C:\Documents and Settings\Fabienne\Application Data\Apple Computer ->  [Folder | Modified Date = 5/21/2006 7:01:09 PM | Attr =	]
Corel -> C:\Documents and Settings\Fabienne\Application Data\Corel ->  [Folder | Modified Date = 3/31/2006 10:21:55 PM | Attr =	]
Corel Photo Album -> C:\Documents and Settings\Fabienne\Application Data\Corel Photo Album ->  [Folder | Modified Date = 3/12/2006 4:19:01 PM | Attr =	]
Ebates__MoeMoney__Maker -> C:\Documents and Settings\Fabienne\Application Data\Ebates__MoeMoney__Maker ->  [Folder | Modified Date = 5/25/2008 3:44:55 PM | Attr =	]
Google -> C:\Documents and Settings\Fabienne\Application Data\Google ->  [Folder | Modified Date = 3/19/2007 11:47:35 AM | Attr =	]
Help -> C:\Documents and Settings\Fabienne\Application Data\Help ->  [Folder | Modified Date = 4/8/2006 10:53:05 PM | Attr =	]
Identities -> C:\Documents and Settings\Fabienne\Application Data\Identities ->  [Folder | Modified Date = 8/16/2005 3:50:20 AM | Attr =	]
iPod Copy Expert -> C:\Documents and Settings\Fabienne\Application Data\iPod Copy Expert ->  [Folder | Modified Date = 6/24/2008 1:02:50 PM | Attr =	]
iPodSoft -> C:\Documents and Settings\Fabienne\Application Data\iPodSoft ->  [Folder | Modified Date = 8/22/2006 8:48:18 PM | Attr =	]
Lavasoft -> C:\Documents and Settings\Fabienne\Application Data\Lavasoft ->  [Folder | Modified Date = 3/23/2007 5:26:21 PM | Attr =	]
Leadertech -> C:\Documents and Settings\Fabienne\Application Data\Leadertech ->  [Folder | Modified Date = 3/10/2006 8:17:22 PM | Attr =	]
Macromedia -> C:\Documents and Settings\Fabienne\Application Data\Macromedia ->  [Folder | Modified Date = 9/20/2006 12:49:55 PM | Attr =	]
Microsoft -> C:\Documents and Settings\Fabienne\Application Data\Microsoft ->  [Folder | Modified Date = 7/4/2008 8:59:41 PM | Attr =   S]
Microsoft Games -> C:\Documents and Settings\Fabienne\Application Data\Microsoft Games ->  [Folder | Modified Date = 12/25/2006 11:11:05 AM | Attr =	]
Mozilla -> C:\Documents and Settings\Fabienne\Application Data\Mozilla ->  [Folder | Modified Date = 7/4/2008 8:32:20 PM | Attr =	]
MyPublisher -> C:\Documents and Settings\Fabienne\Application Data\MyPublisher ->  [Folder | Modified Date = 7/3/2007 7:49:53 PM | Attr =	]
Snapfish -> C:\Documents and Settings\Fabienne\Application Data\Snapfish ->  [Folder | Modified Date = 6/28/2007 6:28:30 PM | Attr =	]
Sun -> C:\Documents and Settings\Fabienne\Application Data\Sun ->  [Folder | Modified Date = 1/13/2006 12:06:01 AM | Attr =	]
SUPERAntiSpyware.com -> C:\Documents and Settings\Fabienne\Application Data\SUPERAntiSpyware.com ->  [Folder | Modified Date = 9/5/2008 3:48:39 PM | Attr =	]
Viewpoint -> C:\Documents and Settings\Fabienne\Application Data\Viewpoint ->  [Folder | Modified Date = 2/14/2007 9:18:10 PM | Attr =	]
Yahoo! -> C:\Documents and Settings\Fabienne\Application Data\Yahoo! ->  [Folder | Modified Date = 7/3/2008 5:07:27 PM | Attr =	]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks ->  [Folder | Modified Date = 7/4/2008 5:13:39 PM | Attr =   S]
AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 9/5/2008 11:52:02 PM | Attr =	]
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini ->  [Ver =  | Size = 65 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = RH ]
McDefragTask.job -> C:\WINDOWS\Tasks\McDefragTask.job ->  [Ver =  | Size = 346 bytes | Modified Date = 8/15/2008 1:42:59 AM | Attr =	]
McQcTask.job -> C:\WINDOWS\Tasks\McQcTask.job ->  [Ver =  | Size = 338 bytes | Modified Date = 9/1/2008 1:00:01 AM | Attr =	]
rpc.job -> C:\WINDOWS\Tasks\rpc.job ->  [Ver =  | Size = 386 bytes | Modified Date = 9/7/2008 9:00:01 AM | Attr =	]
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 9/7/2008 9:24:09 AM | Attr =  H ]
[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\All Users\Application Data\TEMP:5A823589 135 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:A2947BEA 128 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Bearded dragon plus cage.url:favicon 1150 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Reptiles For Sale or Adoption - Page 18.url:favicon 894 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Rocket\Emma Watson.url:favicon 894 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Rocket\Horses For Sale.url:favicon 2494 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Rocket\Sims CHEATS.url:favicon 1406 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Rocket\sims2pets cheats faqs blogs.url:favicon 3638 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Rocket\Stupid Poetry Contest.url:favicon 3126 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\rocky.url:favicon 894 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\SAY ANYTHING.url:favicon 894 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Sequim!!!!!!.url:favicon 1406 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Simple and Clean.url:favicon 1150 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\soon.url:favicon 1150 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\ep i waz on.url:favicon 3638 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Female ball python with cage and accesories - $80.url:favicon 1150 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\firefox.url:favicon 1406 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Fish Creek Farm.url:favicon 3638 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Freewebs - magiccreekrocket.url:favicon 1406 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Freeze Toolbar - Install.url:favicon 4286 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Ultimate horse reference!!.url:favicon 894 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Utada Hikaru.url:favicon 1406 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Utada.url:favicon 1406 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Veiled Chameleon w-Terrarium set-up!!!!!!!!!!!.url:favicon 1150 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Veiled Chameleons.url:favicon 318 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Web Counter Created - Free Web Counter Free Hit Counters.url:favicon 1078 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Wonderful paint mare.url:favicon 894 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\worm and the mole game.url:favicon 2550 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\youtube cloudsephirothriku.url:favicon 1150 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Music Paper.url:favicon 766 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\My first LOV E.url:favicon 894 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\MySpace.com.url:favicon 1406 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Naruto Eps!!!.url:favicon 3638 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Nintendo Pokemon Red Version Game Boy Color - eBay (item 320234149830 end time Apr-06-08 151534 PDT).url:favicon 1406 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\O!!!!!!!!!!!!!!!!!!!!!O.url:favicon 1150 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\PLEASE CONSIDER.url:favicon 1150 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Pokémon.com.url:favicon 3638 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Google Image Result for http--mywebpages.comcast.net-freequine-hl-sl-sl1.jpg.url:favicon 1406 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Google Image Result for http--www.ezthemes.com-previews-u-unicornfallsfantasyss.jpg.url:favicon 1406 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Google Image Result for http--www.lisashea.com-lisabase-reptiles-tadpoles.jpg.url:favicon 1406 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\Google Image Result for http--www.worldofhorses.co.uk-horses_usa-Breeds-Images-Gypsy_Vanner_horse.jpg.url:favicon 1406 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Favorites\GORGEOUS MALE VEILED CHAMELEON.url:favicon 1150 bytes
C:\Documents and Settings\Caitlyn & Mikayla\Local Settings\Application Data\Microsoft\ehome\musicThumbs.db:encryptable 0 bytes
C:\Documents and Settings\Caitlyn & Mikayla\My Documents\My Pictures\Picture\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Caitlyn & Mikayla\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\Desktop\AOL Saved PFC\America Online 8.0\ehthumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\Desktop\AOL Saved PFC\ehthumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\Desktop\ehthumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\Favorites\Body Mass Index calculator you'll like.url:favicon 198 bytes
C:\Documents and Settings\Fabienne\Favorites\Dogpile Web Search Home Page.url:favicon 1150 bytes
C:\Documents and Settings\Fabienne\Favorites\Exterior Painting - Exterior Paint - Exterior House Painting.url:favicon 1406 bytes
C:\Documents and Settings\Fabienne\Favorites\freecyclesnohomishcounty  Freecycle Snohomish County.url:favicon 1406 bytes
C:\Documents and Settings\Fabienne\Favorites\Hidden Emoticons - Yahoo! Messenger with Voice.url:favicon 2550 bytes
C:\Documents and Settings\Fabienne\Favorites\Hidden Emoticons - Yahoo! Messenger.url:favicon 6598 bytes
C:\Documents and Settings\Fabienne\Favorites\How to use your iPod to move your music to a new computer.url:favicon 7782 bytes
C:\Documents and Settings\Fabienne\Favorites\recipes\HERSHEY'S Kitchens Recipes ENGLISH TOFFEE BARS.url:favicon 894 bytes
C:\Documents and Settings\Fabienne\Favorites\recipes\Why drinking water helps with weight loss - Drink Water to Lose Weight and Burn Fat.url:favicon 1406 bytes
C:\Documents and Settings\Fabienne\Favorites\The Diatonic Harmonica Reference.url:favicon 1406 bytes
C:\Documents and Settings\Fabienne\Favorites\Web Sudoku - Billions of Free Sudoku Puzzles to Play Online.url:favicon 318 bytes
C:\Documents and Settings\Fabienne\Local Settings\Application Data\Microsoft\ehome\Image.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\Local Settings\Application Data\Microsoft\ehome\musicThumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\Local Settings\Application Data\Microsoft\ehome\Video.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Music\iTunes\iTunes Music\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Music\iTunes\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\adriana\DSCF4187\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\adriana\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\alaska 06\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\Jan 08\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\July 07\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\kayla monkey\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\May 07\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\mikayla and george\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\mikaylawithdad\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\nasty dead deer\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\October 07\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\pirate pool\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\princess\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\rocket\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\Rocket sell pics\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\Seattle Trip, July 2006 038\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\William\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\William 62707\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\william june 07\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\House\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\House\to email\Otis, Candidate for Adoption 069\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\House\to email\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\Brian's birthday cake\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\brians trucks\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\Caitlyn vice pres\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\Christmas 2006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\cruise\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\dad's house\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\Dec 07\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\easter 2006\Small Easter pics\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\easter 2006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\for Chuck\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\halloween 2006\HalloweenA\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\halloween 2006\HalloweenG\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\halloween 2006\HappyHalloween1\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\halloween 2006\HappyHalloween3\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\halloween 2006\HappyHalloween7\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\halloween 2006\HappyHalooween5\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\halloween 2006\HGiraffeE\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\My Pictures\halloween 2006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\EA Games\The Sims 2\Paintings\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\EA Games\The Sims 2\SC4Terrains\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\EA Games\The Sims 2\Storytelling\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\adri\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Fabienne\My Documents\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Mikayla\Favorites\NickJr.com--Play to Learn with Dora the Explorer, Blue's Clues, Little Bill and More!.url:favicon 3384 bytes
C:\Documents and Settings\Mikayla\Favorites\PLAYMOBIL® 3 Horses.url:favicon 1406 bytes
scan completed successfully
hidden files: 274

< End of report >


#4 kahdah

Posted 07 September 2008 - 12:06 PM

Download the HostsXpert 4.2 - Hosts File Manager.
  • Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
  • Run HostsXpert 4.2 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
=============
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> 10c7f39c -> %SystemRoot%\system32\dkbvddtq.dll [rundll32.exe "C:\WINDOWS\system32\dkbvddtq.dll",b]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\rqroLBTl -> 
< BotCheck > -> 
[Files/Folders - Created Within 30 days]
NY -> adywkz.dll -> %SystemRoot%\System32\adywkz.dll
NY -> dkbvddtq.dll -> %SystemRoot%\System32\dkbvddtq.dll
NY -> eybshinx.dll -> %SystemRoot%\System32\eybshinx.dll
NY -> gbesenvs.dll -> %SystemRoot%\System32\gbesenvs.dll
NY -> gphfgyvg.dll -> %SystemRoot%\System32\gphfgyvg.dll
NY -> gpwdtfkl.ini -> %SystemRoot%\System32\gpwdtfkl.ini
NY -> gvygfhpg.ini -> %SystemRoot%\System32\gvygfhpg.ini
NY -> jyjeepms.dll -> %SystemRoot%\System32\jyjeepms.dll
NY -> kqcxfluq.dll -> %SystemRoot%\System32\kqcxfluq.dll
NY -> ksaerfop.dll -> %SystemRoot%\System32\ksaerfop.dll
NY -> lkftdwpg.dll -> %SystemRoot%\System32\lkftdwpg.dll
NY -> lTBLorqr.ini -> %SystemRoot%\System32\lTBLorqr.ini
NY -> lTBLorqr.ini2 -> %SystemRoot%\System32\lTBLorqr.ini2
NY -> lurjuqcn.ini -> %SystemRoot%\System32\lurjuqcn.ini
NY -> mpujgpgd.dll -> %SystemRoot%\System32\mpujgpgd.dll
NY -> neiwirwp.dll -> %SystemRoot%\System32\neiwirwp.dll
NY -> nnyppq.dll -> %SystemRoot%\System32\nnyppq.dll
NY -> ouqpxp.dll -> %SystemRoot%\System32\ouqpxp.dll
NY -> qtddvbkd.ini -> %SystemRoot%\System32\qtddvbkd.ini
NY -> rsfbckdq.dll -> %SystemRoot%\System32\rsfbckdq.dll
NY -> sbryyeis.dll -> %SystemRoot%\System32\sbryyeis.dll
NY -> sbteekwl.ini -> %SystemRoot%\System32\sbteekwl.ini
NY -> sijwohuu.ini -> %SystemRoot%\System32\sijwohuu.ini
NY -> tktubwhf.ini -> %SystemRoot%\System32\tktubwhf.ini
NY -> VELkQqss.ini -> %SystemRoot%\System32\VELkQqss.ini
NY -> VELkQqss.ini2 -> %SystemRoot%\System32\VELkQqss.ini2
NY -> wauviqpo.dll -> %SystemRoot%\System32\wauviqpo.dll
NY -> wouvpu.dll -> %SystemRoot%\System32\wouvpu.dll
NY -> wTR19 -> %SystemRoot%\System32\wTR19
NY -> xithoq.dll -> %SystemRoot%\System32\xithoq.dll
NY -> YJkknnpo.ini -> %SystemRoot%\System32\YJkknnpo.ini
NY -> YJkknnpo.ini2 -> %SystemRoot%\System32\YJkknnpo.ini2
NY -> BM13f4c000.xml -> %SystemRoot%\BM13f4c000.xml
NY -> cookies.ini -> %SystemRoot%\cookies.ini
[Files/Folders - Modified Within 30 days]
NY -> adywkz.dll -> %SystemRoot%\System32\adywkz.dll
NY -> dkbvddtq.dll -> %SystemRoot%\System32\dkbvddtq.dll
NY -> eybshinx.dll -> %SystemRoot%\System32\eybshinx.dll
NY -> gbesenvs.dll -> %SystemRoot%\System32\gbesenvs.dll
NY -> gphfgyvg.dll -> %SystemRoot%\System32\gphfgyvg.dll
NY -> gpwdtfkl.ini -> %SystemRoot%\System32\gpwdtfkl.ini
NY -> gvygfhpg.ini -> %SystemRoot%\System32\gvygfhpg.ini
NY -> jyjeepms.dll -> %SystemRoot%\System32\jyjeepms.dll
NY -> kqcxfluq.dll -> %SystemRoot%\System32\kqcxfluq.dll
NY -> ksaerfop.dll -> %SystemRoot%\System32\ksaerfop.dll
NY -> lkftdwpg.dll -> %SystemRoot%\System32\lkftdwpg.dll
NY -> lTBLorqr.ini -> %SystemRoot%\System32\lTBLorqr.ini
NY -> lTBLorqr.ini2 -> %SystemRoot%\System32\lTBLorqr.ini2
NY -> lurjuqcn.ini -> %SystemRoot%\System32\lurjuqcn.ini
NY -> mpujgpgd.dll -> %SystemRoot%\System32\mpujgpgd.dll
NY -> neiwirwp.dll -> %SystemRoot%\System32\neiwirwp.dll
NY -> nnyppq.dll -> %SystemRoot%\System32\nnyppq.dll
NY -> ouqpxp.dll -> %SystemRoot%\System32\ouqpxp.dll
NY -> qtddvbkd.ini -> %SystemRoot%\System32\qtddvbkd.ini
NY -> rsfbckdq.dll -> %SystemRoot%\System32\rsfbckdq.dll
NY -> sbryyeis.dll -> %SystemRoot%\System32\sbryyeis.dll
NY -> sbteekwl.ini -> %SystemRoot%\System32\sbteekwl.ini
NY -> sijwohuu.ini -> %SystemRoot%\System32\sijwohuu.ini
NY -> tktubwhf.ini -> %SystemRoot%\System32\tktubwhf.ini
NY -> VELkQqss.ini -> %SystemRoot%\System32\VELkQqss.ini
NY -> VELkQqss.ini2 -> %SystemRoot%\System32\VELkQqss.ini2
NY -> wauviqpo.dll -> %SystemRoot%\System32\wauviqpo.dll
NY -> wouvpu.dll -> %SystemRoot%\System32\wouvpu.dll
NY -> xejuwc.dll -> %SystemRoot%\System32\xejuwc.dll
NY -> xithoq.dll -> %SystemRoot%\System32\xithoq.dll
NY -> YJkknnpo.ini -> %SystemRoot%\System32\YJkknnpo.ini
NY -> YJkknnpo.ini2 -> %SystemRoot%\System32\YJkknnpo.ini2
NY -> BM13f4c000.xml -> %SystemRoot%\BM13f4c000.xml
NY -> cookies.ini -> %SystemRoot%\cookies.ini
[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
NY -> Ebates__MoeMoney__Maker -> C:\Documents and Settings\All Users\Application Data\Ebates__MoeMoney__Maker
NY -> Winferno -> C:\Documents and Settings\All Users\Application Data\Winferno
NY -> Ebates__MoeMoney__Maker -> C:\Documents and Settings\Fabienne\Application Data\Ebates__MoeMoney__Maker
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that information back here.
I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
=====================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
======================================================
After that please do the following:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
==============
Please post these logs in your next reply:
  • OT scan it results
  • MalwareBytes log
  • Rsit scan logs

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
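Several .ini/.ini2 names in the fix script above are a listed module name spelled backwards (qtddvbkd.ini and dkbvddtq.dll, lTBLorqr.ini and the rqroLBTl Authentication Packages value). The Python below is an added example, not part of the thread or of OTScanIt: it parses an excerpt of that script and groups entries by this pairing. The function names and parsing rules are assumptions based only on the lines quoted here.

```python
import ntpath
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section flags name target")

# Excerpt of the fix script quoted in the post above, shortened for this example.
FIX_SCRIPT = r"""
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> 10c7f39c -> %SystemRoot%\system32\dkbvddtq.dll [rundll32.exe "C:\WINDOWS\system32\dkbvddtq.dll",b]
[Registry - Additional Scans - Non-Microsoft Only]
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\rqroLBTl -> 
[Files/Folders - Created Within 30 days]
NY -> dkbvddtq.dll -> %SystemRoot%\System32\dkbvddtq.dll
NY -> gphfgyvg.dll -> %SystemRoot%\System32\gphfgyvg.dll
NY -> gpwdtfkl.ini -> %SystemRoot%\System32\gpwdtfkl.ini
NY -> gvygfhpg.ini -> %SystemRoot%\System32\gvygfhpg.ini
NY -> lkftdwpg.dll -> %SystemRoot%\System32\lkftdwpg.dll
NY -> lTBLorqr.ini -> %SystemRoot%\System32\lTBLorqr.ini
NY -> lTBLorqr.ini2 -> %SystemRoot%\System32\lTBLorqr.ini2
NY -> qtddvbkd.ini -> %SystemRoot%\System32\qtddvbkd.ini
NY -> sbteekwl.ini -> %SystemRoot%\System32\sbteekwl.ini
NY -> wouvpu.dll -> %SystemRoot%\System32\wouvpu.dll
NY -> cookies.ini -> %SystemRoot%\cookies.ini
[Files/Folders - Modified Within 30 days]
NY -> lTBLorqr.ini -> %SystemRoot%\System32\lTBLorqr.ini
NY -> xejuwc.dll -> %SystemRoot%\System32\xejuwc.dll
"""

# "FLAGS -> name -> target"; the two-letter flags are kept as opaque markers.
ENTRY = re.compile(r"^([YN]{2}) -> (.*?) ->\s*(.*)$")
DATA_EXT = re.compile(r"\.ini2?$", re.IGNORECASE)


def parse_fix_script(text):
    """Return one Entry per item line, tagged with its [section] header."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        match = ENTRY.match(line)
        if match and section:
            entries.append(Entry(section, *match.groups()))
    return entries


def module_stems(entries):
    """Map lower-cased stem -> name for DLLs and extension-less registry paths."""
    stems = {}
    for e in entries:
        # The target may carry a trailing "[command line]"; keep only the path.
        for ref in (e.name, e.target.split(" [")[0]):
            base = ntpath.basename(ref.strip())
            if not base or DATA_EXT.search(base):
                continue
            if base.lower().endswith(".dll"):
                stems.setdefault(base[:-4].lower(), base)
            elif "\\" in ref and e.section.startswith("Registry") and "." not in base:
                stems.setdefault(base.lower(), base)
    return stems


def pair_reversed_names(entries):
    """Group .ini/.ini2 files under the module whose name is their stem reversed."""
    modules = module_stems(entries)
    pairs, unpaired = {}, []
    for e in entries:
        base = ntpath.basename(e.name)
        if not DATA_EXT.search(base):
            continue
        stem = DATA_EXT.sub("", base)
        owner = modules.get(stem[::-1].lower())
        if owner is None:
            if base not in unpaired:
                unpaired.append(base)
        elif base not in pairs.setdefault(owner, []):
            pairs[owner].append(base)
    lone_modules = sorted(m for m in modules.values() if m not in pairs)
    return pairs, unpaired, lone_modules


if __name__ == "__main__":
    pairs, unpaired, lone = pair_reversed_names(parse_fix_script(FIX_SCRIPT))
    for module, files in pairs.items():
        print(f"{module:14} <- {', '.join(files)}")
    print("data files with no listed module:", unpaired)
    print("modules with no data file:", lone)
```

An .ini name with no listed counterpart, such as sbteekwl.ini here, may belong to a module that was removed earlier or that the script does not cover.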

#5 fabienne

Posted 07 September 2008 - 01:53 PM

I downloaded and extracted the files from HostsXpert4.2. When I clicked "Restore MS Hosts File", I got the following error:

ERROR: Cannot Create File C:\WINDOWS\system32\DRIVERS\ETC\hosts

The program then closed itself.

Should I follow the remainder of the steps, or stop here? Could the problem be related to the firewall that I installed before creating the HJT log?

Thank you so much for your help! :thumbsup:

#6 kahdah

Posted 07 September 2008 - 01:54 PM

That is fine, go ahead with the rest of the instructions; we will replace it later.
You are welcome :thumbsup:

#7 fabienne

Posted 07 September 2008 - 03:45 PM

Required reboot. As I have the last several times I've rebooted, I got this message after login: Error loading c:\windows\system32\xtrmxtc.dll. Clicked OK through it.

OT Scan Results:

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\10c7f39c deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\dkbvddtq.dll
C:\WINDOWS\system32\dkbvddtq.dll NOT unregistered.
C:\WINDOWS\system32\dkbvddtq.dll moved successfully.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\rqroLBTl deleted successfully.
File not found.
[Files/Folders - Created Within 30 days]
DllUnregisterServer procedure not found in C:\WINDOWS\System32\adywkz.dll
C:\WINDOWS\System32\adywkz.dll NOT unregistered.
C:\WINDOWS\System32\adywkz.dll moved successfully.
File C:\WINDOWS\System32\dkbvddtq.dll not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\eybshinx.dll
C:\WINDOWS\System32\eybshinx.dll NOT unregistered.
C:\WINDOWS\System32\eybshinx.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\gbesenvs.dll
C:\WINDOWS\System32\gbesenvs.dll NOT unregistered.
C:\WINDOWS\System32\gbesenvs.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\gphfgyvg.dll
C:\WINDOWS\System32\gphfgyvg.dll NOT unregistered.
C:\WINDOWS\System32\gphfgyvg.dll moved successfully.
C:\WINDOWS\System32\gpwdtfkl.ini moved successfully.
C:\WINDOWS\System32\gvygfhpg.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\jyjeepms.dll
C:\WINDOWS\System32\jyjeepms.dll NOT unregistered.
C:\WINDOWS\System32\jyjeepms.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\kqcxfluq.dll
C:\WINDOWS\System32\kqcxfluq.dll NOT unregistered.
C:\WINDOWS\System32\kqcxfluq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ksaerfop.dll
C:\WINDOWS\System32\ksaerfop.dll NOT unregistered.
C:\WINDOWS\System32\ksaerfop.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\lkftdwpg.dll
C:\WINDOWS\System32\lkftdwpg.dll NOT unregistered.
C:\WINDOWS\System32\lkftdwpg.dll moved successfully.
C:\WINDOWS\System32\lTBLorqr.ini moved successfully.
C:\WINDOWS\System32\lTBLorqr.ini2 moved successfully.
C:\WINDOWS\System32\lurjuqcn.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\mpujgpgd.dll
C:\WINDOWS\System32\mpujgpgd.dll NOT unregistered.
C:\WINDOWS\System32\mpujgpgd.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\neiwirwp.dll
C:\WINDOWS\System32\neiwirwp.dll NOT unregistered.
C:\WINDOWS\System32\neiwirwp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\nnyppq.dll
C:\WINDOWS\System32\nnyppq.dll NOT unregistered.
C:\WINDOWS\System32\nnyppq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ouqpxp.dll
C:\WINDOWS\System32\ouqpxp.dll NOT unregistered.
C:\WINDOWS\System32\ouqpxp.dll moved successfully.
C:\WINDOWS\System32\qtddvbkd.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\rsfbckdq.dll
C:\WINDOWS\System32\rsfbckdq.dll NOT unregistered.
C:\WINDOWS\System32\rsfbckdq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\sbryyeis.dll
C:\WINDOWS\System32\sbryyeis.dll NOT unregistered.
C:\WINDOWS\System32\sbryyeis.dll moved successfully.
C:\WINDOWS\System32\sbteekwl.ini moved successfully.
C:\WINDOWS\System32\sijwohuu.ini moved successfully.
C:\WINDOWS\System32\tktubwhf.ini moved successfully.
C:\WINDOWS\System32\VELkQqss.ini moved successfully.
C:\WINDOWS\System32\VELkQqss.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\wauviqpo.dll
C:\WINDOWS\System32\wauviqpo.dll NOT unregistered.
C:\WINDOWS\System32\wauviqpo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\wouvpu.dll
C:\WINDOWS\System32\wouvpu.dll NOT unregistered.
C:\WINDOWS\System32\wouvpu.dll moved successfully.
C:\WINDOWS\System32\wTR19 folder moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\xithoq.dll
C:\WINDOWS\System32\xithoq.dll NOT unregistered.
C:\WINDOWS\System32\xithoq.dll moved successfully.
C:\WINDOWS\System32\YJkknnpo.ini moved successfully.
C:\WINDOWS\System32\YJkknnpo.ini2 moved successfully.
C:\WINDOWS\BM13f4c000.xml moved successfully.
C:\WINDOWS\cookies.ini moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\adywkz.dll not found!
File C:\WINDOWS\System32\dkbvddtq.dll not found!
File C:\WINDOWS\System32\eybshinx.dll not found!
File C:\WINDOWS\System32\gbesenvs.dll not found!
File C:\WINDOWS\System32\gphfgyvg.dll not found!
File C:\WINDOWS\System32\gpwdtfkl.ini not found!
File C:\WINDOWS\System32\gvygfhpg.ini not found!
File C:\WINDOWS\System32\jyjeepms.dll not found!
File C:\WINDOWS\System32\kqcxfluq.dll not found!
File C:\WINDOWS\System32\ksaerfop.dll not found!
File C:\WINDOWS\System32\lkftdwpg.dll not found!
File C:\WINDOWS\System32\lTBLorqr.ini not found!
File C:\WINDOWS\System32\lTBLorqr.ini2 not found!
File C:\WINDOWS\System32\lurjuqcn.ini not found!
File C:\WINDOWS\System32\mpujgpgd.dll not found!
File C:\WINDOWS\System32\neiwirwp.dll not found!
File C:\WINDOWS\System32\nnyppq.dll not found!
File C:\WINDOWS\System32\ouqpxp.dll not found!
File C:\WINDOWS\System32\qtddvbkd.ini not found!
File C:\WINDOWS\System32\rsfbckdq.dll not found!
File C:\WINDOWS\System32\sbryyeis.dll not found!
File C:\WINDOWS\System32\sbteekwl.ini not found!
File C:\WINDOWS\System32\sijwohuu.ini not found!
File C:\WINDOWS\System32\tktubwhf.ini not found!
File C:\WINDOWS\System32\VELkQqss.ini not found!
File C:\WINDOWS\System32\VELkQqss.ini2 not found!
File C:\WINDOWS\System32\wauviqpo.dll not found!
File C:\WINDOWS\System32\wouvpu.dll not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\xejuwc.dll
C:\WINDOWS\System32\xejuwc.dll NOT unregistered.
C:\WINDOWS\System32\xejuwc.dll moved successfully.
File C:\WINDOWS\System32\xithoq.dll not found!
File C:\WINDOWS\System32\YJkknnpo.ini not found!
File C:\WINDOWS\System32\YJkknnpo.ini2 not found!
File C:\WINDOWS\BM13f4c000.xml not found!
File C:\WINDOWS\cookies.ini not found!
[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
C:\Documents and Settings\All Users\Application Data\Ebates__MoeMoney__Maker\ebmmd folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Ebates__MoeMoney__Maker folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winferno\RegPowerClean folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winferno folder moved successfully.
C:\Documents and Settings\Fabienne\Application Data\Ebates__MoeMoney__Maker\ebmmt folder moved successfully.
C:\Documents and Settings\Fabienne\Application Data\Ebates__MoeMoney__Maker\ebmmd folder moved successfully.
C:\Documents and Settings\Fabienne\Application Data\Ebates__MoeMoney__Maker folder moved successfully.
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcmsc_PqVOm1AgaKczX4o scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_xc3roX3QC1abJ3r scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 09072008_120447

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\mcmsc_PqVOm1AgaKczX4o not found!
File C:\WINDOWS\temp\mcmsc_xc3roX3QC1abJ3r not found!

MALWAREBYTES Log:

[codebox]Malwarebytes' Anti-Malware 1.26
Database version: 1125
Windows 5.1.2600 Service Pack 3

9/7/2008 12:26:20 PM
mbam-log-2008-09-07 (12-26-20).txt

Scan type: Quick Scan
Objects scanned: 58608
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm13f4c000 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Brian\Local Settings\Temp\ginstall.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\BM13f4c000.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
[/codebox]

RSIT will not complete- gets stuck at "performing registry dump" (tried three times, had to end with task mgr)

Thanks!

#8 kahdah


  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:08:17 AM

Posted 07 September 2008 - 04:07 PM

Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you (it gets saved on your desktop as well), post that log here.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#9 fabienne

  • Topic Starter

  • Members
  • 13 posts
  • Local time:05:17 AM

Posted 07 September 2008 - 04:19 PM

[codebox]OTViewIt logfile created on: 9/7/2008 2:16:22 PM - Run 1
OTViewIt by OldTimer - Version 1.0.1.8 Folder = C:\Documents and Settings\Fabienne\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 480.77 Mb Available Physical Memory | 47.41% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 45.57 Gb Free Space | 65.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP
Current User Name: Fabienne
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

===== Processes - Non-Microsoft Only =====

[10/15/2004 07:40 PM | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) - C:\Program Files\Sygate\SPF\Smc.exe
[11/19/2003 04:48 PM | 00,032,881 | ---- | M] () - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
[09/03/2008 02:07 PM | 01,576,176 | ---- | M] (SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[09/07/2008 12:28 PM | 00,304,189 | ---- | M] () - C:\Documents and Settings\Fabienne\My Documents\RSIT.exe

===== Win32 Services - Non-Microsoft Only =====

(SmcService) Sygate Personal Firewall [Auto | Running]
[10/15/2004 07:40 PM | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) - C:\Program Files\Sygate\SPF\Smc.exe

===== Driver Services - Non-Microsoft Only =====

(mraid35x) mraid35x [Disabled | Stopped]
[08/17/2001 12:52 PM | 00,017,280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\system32\drivers\mraid35x.sys

(pavboot) pavboot [Boot | Running]
[06/19/2008 05:24 PM | 00,028,544 | ---- | M] (Panda Security, S.L.) - C:\WINDOWS\system32\drivers\pavboot.sys

(SASDIFSV) SASDIFSV [System | Running]
[09/03/2008 02:07 PM | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys

(SASENUM) SASENUM [On_Demand | Running]
[09/03/2008 02:07 PM | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

(SASKUTIL) SASKUTIL [System | Running]
[09/03/2008 02:07 PM | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

(SDDMI2) SDDMI2 [On_Demand | Stopped]
File not found - C:\WINDOWS\system32\DDMI2.sys

(Sparrow) Sparrow [Disabled | Stopped]
[08/17/2001 01:07 PM | 00,019,072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\system32\drivers\sparrow.sys

(Teefer) Teefer for NT [Boot | Running]
[10/15/2004 06:17 PM | 00,060,496 | ---- | M] (Sygate Technologies, Inc.) - C:\WINDOWS\system32\drivers\Teefer.sys

(wg3n) SyGate for NT, wg3n [Auto | Running]
[10/15/2004 06:32 PM | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) - C:\WINDOWS\system32\drivers\wg3n.sys

(wg4n) SyGate for NT, wg4n [Auto | Running]
[10/15/2004 06:32 PM | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) - C:\WINDOWS\system32\drivers\wg4n.sys

(wg5n) SyGate for NT, wg5n [Auto | Running]
[10/15/2004 06:32 PM | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) - C:\WINDOWS\system32\drivers\wg5n.sys

(wg6n) SyGate for NT, wg6n [Auto | Running]
[10/15/2004 06:32 PM | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) - C:\WINDOWS\system32\drivers\wg6n.sys

(wpsdrvnt) wpsdrvnt [System | Running]
[10/15/2004 06:18 PM | 00,021,075 | ---- | M] (Sygate Technologies, Inc.) - C:\WINDOWS\system32\drivers\wpsdrvnt.sys

========== Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLDialer" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found
"BrStsWnd" = C:\Program Files\Brownie\BrstsWnd.exe Autorun [07/31/2007 08:37 PM | 00,815,104 | ---- | M] (brother)
"dscactivate" = "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM | 00,016,384 | ---- | M] ( )
"DVDLauncher" = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 03:19 PM | 00,053,248 | ---- | M] (CyberLink Corp.)
"Google Desktop Search" = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup File not found
"HostManager" = C:\Program Files\Common Files\AOL\1170708985\ee\AOLSoftware.exe [04/12/2007 02:23 PM | 00,042,032 | ---- | M] (AOL LLC)
"igfxhkcmd" = C:\WINDOWS\system32\hkcmd.exe [10/14/2005 03:46 PM | 00,077,824 | ---- | M] (Intel Corporation)
"igfxpers" = C:\WINDOWS\system32\igfxpers.exe [10/14/2005 03:50 PM | 00,114,688 | ---- | M] (Intel Corporation)
"igfxtray" = C:\WINDOWS\system32\igfxtray.exe [10/14/2005 03:49 PM | 00,094,208 | ---- | M] (Intel Corporation)
"ISUSPM Startup" = "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup [06/10/2005 09:44 AM | 00,249,856 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [06/10/2005 09:44 AM | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 02:42 PM | 00,267,064 | ---- | M] (Apple Inc.)
"Lexmark 1200 Series" = "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [03/16/2006 12:07 AM | 00,057,344 | ---- | M] (Lexmark International, Inc.)
"mcagent_exe" = C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey [11/01/2007 07:12 PM | 00,582,992 | ---- | M] (McAfee, Inc.)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [06/29/2007 06:24 AM | 00,286,720 | ---- | M] (Apple Inc.)
"RealTray" = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER [01/31/2008 08:07 PM | 00,026,112 | ---- | M] (RealNetworks, Inc.)
"SmcService" = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui [10/15/2004 07:40 PM | 02,577,632 | ---- | M] (Sygate Technologies, Inc.)
"SunJavaUpdateSched" = C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [11/19/2003 04:48 PM | 00,032,881 | ---- | M] ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [09/03/2008 02:07 PM | 01,576,176 | ---- | M] (SUPERAntiSpyware.com)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

========== Startup Folders ==========

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[02/16/2004 08:13 PM | 00,113,664 | ---- | M] (Adobe Systems, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[10/29/2003 01:06 AM | 00,024,576 | R--- | M] (BVRP Software) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

[Fabienne Startup Folder - C:\Documents and Settings\Fabienne\Start Menu\Programs\Startup]

========== BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (AcroIEHlprObj Class) - [11/03/2003 01:17 PM | 00,054,248 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

========== Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{D0943516-5076-4020-A3B5-AEFAF26AB263}"
HKLM CLSID: (Veoh Browser Plug-in) - [06/19/2008 03:03 PM | 00,352,256 | ---- | M] (Veoh Networks Inc) C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{A8FB8EB3-183B-4598-924D-86F0E5E37085}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

========== AppInit_Dlls ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
= kbztbm.dll
>kbztbm.dll - File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" =
HKLM CLSID: (SABShellExecuteHook Class) - [05/13/2008 10:13 AM | 00,077,824 | ---- | M] (SuperAdBlocker.com) C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
"{E1872FA4-6140-4868-B088-DD5407AE96AA}" =
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

========== HKLM Security Providers ==========

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
= Explorer.exe
>Explorer.exe - [04/13/2008 05:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
= C:\WINDOWS\system32\userinit.exe,
>C:\WINDOWS\system32\userinit.exe - [04/13/2008 05:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
= logonui.exe
>logonui.exe - [04/13/2008 05:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
= rundll32 shell32,Control_RunDLL "sysdm.cpl"
>rundll32 shell32 - [04/13/2008 05:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
>Control_RunDLL "sysdm.cpl" - [04/13/2008 05:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

========== User's Winlogon Settings ==========

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
"DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [07/23/2008 04:28 PM | 00,352,256 | ---- | M] (SUPERAntiSpyware.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\WINDOWS\system32\igfxdev.dll [10/14/2005 03:45 PM | 00,135,168 | ---- | M] (Intel Corporation)

========== Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"InstallVisualStyle" = C:\WINDOWS\Resources\Themes\Royale\Royale.mss File not found
"InstallTheme" = C:\WINDOWS\Resources\Themes\Royale.the File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


========== Lsa Authentication Packages ==========

========== Lsa Security Packages ==========

========== Desktop Components ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

========== Safeboot Options ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

========== Disabled MsConfig Items ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 0

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[07/29/2008 08:52 AM | 00,000,050 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01146d0a-5d84-11dd-bc2a-001320d7e674}\Shell]
"" = Open

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4938ee9-b0a8-11da-bb2d-00038a000015}\Shell]
"" = None

========== DNS Name Servers ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{6E249E1A-14B8-4B96-A360-D41084487621}]
Servers: | Description: Intel® PRO/100 VE Network Connection

========== Hosts File ==========

HOSTS File = (263876 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
127.0.0.1 www.163ns.com
127.0.0.1 163ns.com



========== Files/Folders - Created Within 30 days ==========

[09/02/2008 08:53 PM | ---D | C] - C:\Temp
[09/04/2008 08:41 PM | ---D | C] - C:\f3d19b0988538154420b91e2
[09/05/2008 10:20 AM | -H-D | C] - C:\Config.Msi
[09/05/2008 10:41 PM | ---D | C] - C:\VundoFix Backups
[09/06/2008 09:38 AM | 10,634,07616 | -HS- | C] () - C:\hiberfil.sys
[09/07/2008 11:42 AM | ---D | C] - C:\HostsXpert
[09/07/2008 12:04 PM | ---D | C] - C:\_OTScanIt
[09/07/2008 12:28 PM | ---D | C] - C:\rsit
[09/05/2008 05:58 PM | 00,028,544 | ---- | C] (Panda Security, S.L.) - C:\WINDOWS\System32\drivers\pavboot.sys
[09/06/2008 06:11 PM | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) - C:\WINDOWS\System32\drivers\wg3n.sys
[09/06/2008 06:11 PM | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) - C:\WINDOWS\System32\drivers\wg4n.sys
[09/06/2008 06:11 PM | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) - C:\WINDOWS\System32\drivers\wg5n.sys
[09/06/2008 06:11 PM | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) - C:\WINDOWS\System32\drivers\wg6n.sys
[09/06/2008 06:11 PM | 00,021,075 | ---- | C] (Sygate Technologies, Inc.) - C:\WINDOWS\System32\drivers\wpsdrvnt.sys
[09/06/2008 06:11 PM | 00,060,496 | ---- | C] (Sygate Technologies, Inc.) - C:\WINDOWS\System32\drivers\Teefer.sys
[08/10/2008 02:08 PM | 00,005,672 | ---- | C] () - C:\WINDOWS\System32\quartz.vxd
[08/10/2008 02:08 PM | 00,010,240 | ---- | C] () - C:\WINDOWS\System32\vidx16.dll
[08/10/2008 02:09 PM | 00,140,800 | ---- | C] (The Duck Corporation) - C:\WINDOWS\System32\tm20dec.ax
[09/03/2008 11:29 PM | 00,041,000 | ---- | C] () - C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[09/06/2008 06:11 PM | 00,083,096 | ---- | C] (Sygate Technologies, Inc.) - C:\WINDOWS\System32\SSSensor.dll
[7 C:\WINDOWS\*.tmp files]
[09/05/2008 11:06 PM | -HSD | C] - C:\WINDOWS\CSC
[09/05/2008 03:49 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[09/07/2008 12:11 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[09/05/2008 03:48 PM | ---D | C] - C:\Documents and Settings\Fabienne\Application Data\SUPERAntiSpyware.com
[09/07/2008 12:11 PM | ---D | C] - C:\Documents and Settings\Fabienne\Application Data\Malwarebytes
[3 C:\Documents and Settings\Fabienne\My Documents\*.tmp files]
[08/21/2008 11:14 PM | 00,019,968 | ---- | C] () - C:\Documents and Settings\Fabienne\My Documents\BUDGET 82208.xls
[08/22/2008 03:24 PM | 00,017,920 | ---- | C] () - C:\Documents and Settings\Fabienne\My Documents\ww log.xls
[08/22/2008 03:29 PM | 00,015,872 | ---- | C] () - C:\Documents and Settings\Fabienne\My Documents\WEIGHT RECORD.xls
[09/05/2008 07:32 PM | ---D | C] - C:\Documents and Settings\Fabienne\My Documents\My Received Files
[09/05/2008 10:27 PM | 00,690,568 | ---- | C] (Malwarebytes ) - C:\Documents and Settings\Fabienne\My Documents\rr-free-setup.exe
[09/05/2008 11:15 PM | 00,096,978 | ---- | C] (Business Information Solutions) - C:\Documents and Settings\Fabienne\My Documents\VirtumundoBeGone.exe
[09/06/2008 06:09 PM | 05,659,648 | ---- | C] () - C:\Documents and Settings\Fabienne\My Documents\firewall.msi
[09/07/2008 08:46 AM | 00,576,581 | ---- | C] () - C:\Documents and Settings\Fabienne\My Documents\OTScanIt.exe
[09/07/2008 08:46 AM | ---D | C] - C:\Documents and Settings\Fabienne\My Documents\OTScanIt
[09/07/2008 11:45 AM | 00,353,485 | ---- | C] () - C:\Documents and Settings\Fabienne\My Documents\HostsXpert.zip
[09/07/2008 12:28 PM | 00,304,189 | ---- | C] () - C:\Documents and Settings\Fabienne\My Documents\RSIT.exe
[09/05/2008 03:48 PM | 00,000,780 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[09/05/2008 10:28 PM | 00,000,695 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\RogueRemover FREE.lnk
[09/06/2008 10:17 AM | 00,000,793 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[09/06/2008 10:17 AM | 00,000,793 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[09/07/2008 12:11 PM | 00,000,696 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/10/2008 02:12 PM | 00,001,557 | ---- | C] () - C:\Documents and Settings\Fabienne\Desktop\To Play Hype - The Time Quest.lnk
[09/05/2008 10:14 PM | 00,001,739 | ---- | C] () - C:\Documents and Settings\Fabienne\Desktop\HijackThis.lnk
[09/05/2008 11:10 PM | 00,096,978 | ---- | C] (Business Information Solutions) - C:\Documents and Settings\Fabienne\Desktop\VirtumundoBeGone.exe
[09/05/2008 03:48 PM | ---D | C] - C:\Program Files\Common Files\Wise Installation Wizard
[09/05/2008 03:48 PM | ---D | C] - C:\Program Files\SUPERAntiSpyware
[09/05/2008 05:57 PM | ---D | C] - C:\Program Files\Panda Security
[09/05/2008 09:43 PM | ---D | C] - C:\Program Files\Microsoft Silverlight
[09/05/2008 10:22 AM | ---D | C] - C:\Program Files\Windows Live Safety Center
[09/05/2008 10:28 PM | ---D | C] - C:\Program Files\RogueRemover FREE
[09/06/2008 06:10 PM | ---D | C] - C:\Program Files\Sygate
[09/07/2008 12:11 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 days ==========

[09/06/2008 09:37 AM | 00,000,210 | RHS- | M] () - C:\boot.ini
[09/07/2008 12:06 PM | 10,634,07616 | -HS- | M] () - C:\hiberfil.sys
[09/06/2008 01:33 PM | 00,263,876 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts
[4 C:\WINDOWS\System32\*.tmp files]
[08/10/2008 02:09 PM | 00,016,832 | ---- | M] () - C:\WINDOWS\System32\amcompat.tlb
[08/10/2008 02:09 PM | 00,023,392 | ---- | M] () - C:\WINDOWS\System32\nscompat.tlb
[09/02/2008 02:03 PM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[09/03/2008 11:29 PM | 00,041,000 | ---- | M] () - C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[09/05/2008 07:31 PM | 00,163,528 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[09/07/2008 12:07 PM | 00,003,804 | ---- | M] () - C:\WINDOWS\System32\Config.MPF
[7 C:\WINDOWS\*.tmp files]
[08/18/2008 03:07 AM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[09/06/2008 01:25 PM | 00,000,837 | ---- | M] () - C:\WINDOWS\wininit.ini
[09/06/2008 09:37 AM | 00,000,227 | ---- | M] () - C:\WINDOWS\system.ini
[09/06/2008 09:37 AM | 00,000,538 | ---- | M] () - C:\WINDOWS\win.ini
[09/07/2008 11:39 AM | 00,000,250 | ---- | M] () - C:\WINDOWS\Brownie.ini
[09/07/2008 11:46 AM | 00,008,192 | -HS- | M] () - C:\WINDOWS\Thumbs.db
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
[09/07/2008 12:06 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[09/07/2008 12:06 PM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/15/2008 01:42 AM | 00,000,346 | ---- | M] () - C:\WINDOWS\tasks\McDefragTask.job
[09/01/2008 01:00 AM | 00,000,338 | ---- | M] () - C:\WINDOWS\tasks\McQcTask.job
[09/05/2008 11:52 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[09/07/2008 09:00 AM | 00,000,386 | ---- | M] () - C:\WINDOWS\tasks\rpc.job
[09/07/2008 12:06 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[09/05/2008 05:52 PM | 00,039,008 | ---- | M] () - C:\Documents and Settings\Fabienne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[09/05/2008 10:00 PM | 00,008,704 | ---- | M] () - C:\Documents and Settings\Fabienne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[09/07/2008 12:05 PM | 04,309,230 | -H-- | M] () - C:\Documents and Settings\Fabienne\Local Settings\Application Data\IconCache.db
[09/02/2008 02:02 PM | 00,000,349 | ---- | M] () - C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[3 C:\Documents and Settings\Fabienne\My Documents\*.tmp files]
[08/22/2008 03:29 PM | 00,015,872 | ---- | M] () - C:\Documents and Settings\Fabienne\My Documents\WEIGHT RECORD.xls
[08/22/2008 03:29 PM | 00,017,920 | ---- | M] () - C:\Documents and Settings\Fabienne\My Documents\ww log.xls
[09/05/2008 10:27 PM | 00,690,568 | ---- | M] (Malwarebytes ) - C:\Documents and Settings\Fabienne\My Documents\rr-free-setup.exe
[09/05/2008 11:15 PM | 00,096,978 | ---- | M] (Business Information Solutions) - C:\Documents and Settings\Fabienne\My Documents\VirtumundoBeGone.exe
[09/06/2008 06:10 PM | 05,659,648 | ---- | M] () - C:\Documents and Settings\Fabienne\My Documents\firewall.msi
[09/06/2008 11:49 AM | 00,019,968 | ---- | M] () - C:\Documents and Settings\Fabienne\My Documents\BUDGET 82208.xls
[09/07/2008 08:46 AM | 00,576,581 | ---- | M] () - C:\Documents and Settings\Fabienne\My Documents\OTScanIt.exe
[09/07/2008 11:45 AM | 00,188,416 | -HS- | M] () - C:\Documents and Settings\Fabienne\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
[09/07/2008 11:45 AM | 00,353,485 | ---- | M] () - C:\Documents and Settings\Fabienne\My Documents\HostsXpert.zip
[09/07/2008 12:28 PM | 00,304,189 | ---- | M] () - C:\Documents and Settings\Fabienne\My Documents\RSIT.exe
[09/05/2008 03:48 PM | 00,000,780 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[09/05/2008 10:28 PM | 00,000,695 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\RogueRemover FREE.lnk
[09/06/2008 10:17 AM | 00,000,793 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[09/06/2008 10:17 AM | 00,000,793 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[09/07/2008 12:11 PM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/10/2008 02:09 PM | 00,000,782 | ---- | M] () - C:\Documents and Settings\Fabienne\Desktop\Windows Media Player.lnk
[08/10/2008 02:12 PM | 00,001,557 | ---- | M] () - C:\Documents and Settings\Fabienne\Desktop\To Play Hype - The Time Quest.lnk
[09/05/2008 11:11 PM | 00,096,978 | ---- | M] (Business Information Solutions) - C:\Documents and Settings\Fabienne\Desktop\VirtumundoBeGone.exe
[09/06/2008 09:00 PM | 00,001,739 | ---- | M] () - C:\Documents and Settings\Fabienne\Desktop\HijackThis.lnk

< End of report >
[/codebox]

#10 fabienne

  • Topic Starter

  • Members
  • 13 posts
  • Local time:05:17 AM

Posted 07 September 2008 - 04:20 PM

This was a second report titled "Extras.txt" produced by OTViewIt:

[codebox]OTViewIt logfile created on: 9/7/2008 2:16:22 PM - Run 1
OTViewIt by OldTimer - Version 1.0.1.8 Folder = C:\Documents and Settings\Fabienne\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 480.77 Mb Available Physical Memory | 47.41% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 45.57 Gb Free Space | 65.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP
Current User Name: Fabienne
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

===== Processes - Non-Microsoft Only =====

[10/15/2004 07:40 PM | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) - C:\Program Files\Sygate\SPF\Smc.exe
[11/19/2003 04:48 PM | 00,032,881 | ---- | M] () - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
[09/03/2008 02:07 PM | 01,576,176 | ---- | M] (SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[09/07/2008 12:28 PM | 00,304,189 | ---- | M] () - C:\Documents and Settings\Fabienne\My Documents\RSIT.exe

===== Win32 Services - Non-Microsoft Only =====

(SmcService) Sygate Personal Firewall [Auto | Running]
[10/15/2004 07:40 PM | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) - C:\Program Files\Sygate\SPF\Smc.exe

===== Driver Services - Non-Microsoft Only =====

(mraid35x) mraid35x [Disabled | Stopped]
[08/17/2001 12:52 PM | 00,017,280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\system32\drivers\mraid35x.sys

(pavboot) pavboot [Boot | Running]
[06/19/2008 05:24 PM | 00,028,544 | ---- | M] (Panda Security, S.L.) - C:\WINDOWS\system32\drivers\pavboot.sys

(SASDIFSV) SASDIFSV [System | Running]
[09/03/2008 02:07 PM | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys

(SASENUM) SASENUM [On_Demand | Running]
[09/03/2008 02:07 PM | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

(SASKUTIL) SASKUTIL [System | Running]
[09/03/2008 02:07 PM | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

(SDDMI2) SDDMI2 [On_Demand | Stopped]
File not found - C:\WINDOWS\system32\DDMI2.sys

(Sparrow) Sparrow [Disabled | Stopped]
[08/17/2001 01:07 PM | 00,019,072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\system32\drivers\sparrow.sys

(Teefer) Teefer for NT [Boot | Running]
[10/15/2004 06:17 PM | 00,060,496 | ---- | M] (Sygate Technologies, Inc.) - C:\WINDOWS\system32\drivers\Teefer.sys

(wg3n) SyGate for NT, wg3n [Auto | Running]
[10/15/2004 06:32 PM | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) - C:\WINDOWS\system32\drivers\wg3n.sys

(wg4n) SyGate for NT, wg4n [Auto | Running]
[10/15/2004 06:32 PM | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) - C:\WINDOWS\system32\drivers\wg4n.sys

(wg5n) SyGate for NT, wg5n [Auto | Running]
[10/15/2004 06:32 PM | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) - C:\WINDOWS\system32\drivers\wg5n.sys

(wg6n) SyGate for NT, wg6n [Auto | Running]
[10/15/2004 06:32 PM | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) - C:\WINDOWS\system32\drivers\wg6n.sys

(wpsdrvnt) wpsdrvnt [System | Running]
[10/15/2004 06:18 PM | 00,021,075 | ---- | M] (Sygate Technologies, Inc.) - C:\WINDOWS\system32\drivers\wpsdrvnt.sys

========== Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLDialer" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found
"BrStsWnd" = C:\Program Files\Brownie\BrstsWnd.exe Autorun [07/31/2007 08:37 PM | 00,815,104 | ---- | M] (brother)
"dscactivate" = "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM | 00,016,384 | ---- | M] ( )
"DVDLauncher" = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 03:19 PM | 00,053,248 | ---- | M] (CyberLink Corp.)
"Google Desktop Search" = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup File not found
"HostManager" = C:\Program Files\Common Files\AOL\1170708985\ee\AOLSoftware.exe [04/12/2007 02:23 PM | 00,042,032 | ---- | M] (AOL LLC)
"igfxhkcmd" = C:\WINDOWS\system32\hkcmd.exe [10/14/2005 03:46 PM | 00,077,824 | ---- | M] (Intel Corporation)
"igfxpers" = C:\WINDOWS\system32\igfxpers.exe [10/14/2005 03:50 PM | 00,114,688 | ---- | M] (Intel Corporation)
"igfxtray" = C:\WINDOWS\system32\igfxtray.exe [10/14/2005 03:49 PM | 00,094,208 | ---- | M] (Intel Corporation)
"ISUSPM Startup" = "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup [06/10/2005 09:44 AM | 00,249,856 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [06/10/2005 09:44 AM | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 02:42 PM | 00,267,064 | ---- | M] (Apple Inc.)
"Lexmark 1200 Series" = "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [03/16/2006 12:07 AM | 00,057,344 | ---- | M] (Lexmark International, Inc.)
"mcagent_exe" = C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey [11/01/2007 07:12 PM | 00,582,992 | ---- | M] (McAfee, Inc.)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [06/29/2007 06:24 AM | 00,286,720 | ---- | M] (Apple Inc.)
"RealTray" = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER [01/31/2008 08:07 PM | 00,026,112 | ---- | M] (RealNetworks, Inc.)
"SmcService" = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui [10/15/2004 07:40 PM | 02,577,632 | ---- | M] (Sygate Technologies, Inc.)
"SunJavaUpdateSched" = C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [11/19/2003 04:48 PM | 00,032,881 | ---- | M] ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [09/03/2008 02:07 PM | 01,576,176 | ---- | M] (SUPERAntiSpyware.com)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

========== Startup Folders ==========

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[02/16/2004 08:13 PM | 00,113,664 | ---- | M] (Adobe Systems, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[10/29/2003 01:06 AM | 00,024,576 | R--- | M] (BVRP Software) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

[Fabienne Startup Folder - C:\Documents and Settings\Fabienne\Start Menu\Programs\Startup]

========== BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (AcroIEHlprObj Class) - [11/03/2003 01:17 PM | 00,054,248 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

========== Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{D0943516-5076-4020-A3B5-AEFAF26AB263}"
HKLM CLSID: (Veoh Browser Plug-in) - [06/19/2008 03:03 PM | 00,352,256 | ---- | M] (Veoh Networks Inc) C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{A8FB8EB3-183B-4598-924D-86F0E5E37085}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

========== AppInit_Dlls ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
= kbztbm.dll
>kbztbm.dll - File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" =
HKLM CLSID: (SABShellExecuteHook Class) - [05/13/2008 10:13 AM | 00,077,824 | ---- | M] (SuperAdBlocker.com) C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
"{E1872FA4-6140-4868-B088-DD5407AE96AA}" =
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

========== HKLM Security Providers ==========

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
= Explorer.exe
>Explorer.exe - [04/13/2008 05:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
= C:\WINDOWS\system32\userinit.exe,
>C:\WINDOWS\system32\userinit.exe - [04/13/2008 05:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
= logonui.exe
>logonui.exe - [04/13/2008 05:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
= rundll32 shell32,Control_RunDLL "sysdm.cpl"
>rundll32 shell32 - [04/13/2008 05:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
>Control_RunDLL "sysdm.cpl" - [04/13/2008 05:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

========== User's Winlogon Settings ==========

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
"DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [07/23/2008 04:28 PM | 00,352,256 | ---- | M] (SUPERAntiSpyware.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\WINDOWS\system32\igfxdev.dll [10/14/2005 03:45 PM | 00,135,168 | ---- | M] (Intel Corporation)

========== Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"InstallVisualStyle" = C:\WINDOWS\Resources\Themes\Royale\Royale.mss File not found
"InstallTheme" = C:\WINDOWS\Resources\Themes\Royale.the File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


========== Lsa Authentication Packages ==========

========== Lsa Security Packages ==========

========== Desktop Components ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

========== Safeboot Options ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

========== Disabled MsConfig Items ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 0

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[07/29/2008 08:52 AM | 00,000,050 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01146d0a-5d84-11dd-bc2a-001320d7e674}\Shell]
"" = Open

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4938ee9-b0a8-11da-bb2d-00038a000015}\Shell]
"" = None

========== DNS Name Servers ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{6E249E1A-14B8-4B96-A360-D41084487621}]
Servers: | Description: Intel® PRO/100 VE Network Connection

========== Hosts File ==========

HOSTS File = (263876 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
127.0.0.1 www.163ns.com
127.0.0.1 163ns.com



========== Files/Folders - Created Within 30 days ==========

[09/02/2008 08:53 PM | ---D | C] - C:\Temp
[09/04/2008 08:41 PM | ---D | C] - C:\f3d19b0988538154420b91e2
[09/05/2008 10:20 AM | -H-D | C] - C:\Config.Msi
[09/05/2008 10:41 PM | ---D | C] - C:\VundoFix Backups
[09/06/2008 09:38 AM | 10,634,07616 | -HS- | C] () - C:\hiberfil.sys
[09/07/2008 11:42 AM | ---D | C] - C:\HostsXpert
[09/07/2008 12:04 PM | ---D | C] - C:\_OTScanIt
[09/07/2008 12:28 PM | ---D | C] - C:\rsit
[09/05/2008 05:58 PM | 00,028,544 | ---- | C] (Panda Security, S.L.) - C:\WINDOWS\System32\drivers\pavboot.sys
[09/06/2008 06:11 PM | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) - C:\WINDOWS\System32\drivers\wg3n.sys
[09/06/2008 06:11 PM | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) - C:\WINDOWS\System32\drivers\wg4n.sys
[09/06/2008 06:11 PM | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) - C:\WINDOWS\System32\drivers\wg5n.sys
[09/06/2008 06:11 PM | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) - C:\WINDOWS\System32\drivers\wg6n.sys
[09/06/2008 06:11 PM | 00,021,075 | ---- | C] (Sygate Technologies, Inc.) - C:\WINDOWS\System32\drivers\wpsdrvnt.sys
[09/06/2008 06:11 PM | 00,060,496 | ---- | C] (Sygate Technologies, Inc.) - C:\WINDOWS\System32\drivers\Teefer.sys
[08/10/2008 02:08 PM | 00,005,672 | ---- | C] () - C:\WINDOWS\System32\quartz.vxd
[08/10/2008 02:08 PM | 00,010,240 | ---- | C] () - C:\WINDOWS\System32\vidx16.dll
[08/10/2008 02:09 PM | 00,140,800 | ---- | C] (The Duck Corporation) - C:\WINDOWS\System32\tm20dec.ax
[09/03/2008 11:29 PM | 00,041,000 | ---- | C] () - C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[09/06/2008 06:11 PM | 00,083,096 | ---- | C] (Sygate Technologies, Inc.) - C:\WINDOWS\System32\SSSensor.dll
[7 C:\WINDOWS\*.tmp files]
[09/05/2008 11:06 PM | -HSD | C] - C:\WINDOWS\CSC
[09/05/2008 03:49 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[09/07/2008 12:11 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[09/05/2008 03:48 PM | ---D | C] - C:\Documents and Settings\Fabienne\Application Data\SUPERAntiSpyware.com
[09/07/2008 12:11 PM | ---D | C] - C:\Documents and Settings\Fabienne\Application Data\Malwarebytes
[3 C:\Documents and Settings\Fabienne\My Documents\*.tmp files]
[08/21/2008 11:14 PM | 00,019,968 | ---- | C] () - C:\Documents and Settings\Fabienne\My Documents\BUDGET 82208.xls
[08/22/2008 03:24 PM | 00,017,920 | ---- | C] () - C:\Documents and Settings\Fabienne\My Documents\ww log.xls
[08/22/2008 03:29 PM | 00,015,872 | ---- | C] () - C:\Documents and Settings\Fabienne\My Documents\WEIGHT RECORD.xls
[09/05/2008 07:32 PM | ---D | C] - C:\Documents and Settings\Fabienne\My Documents\My Received Files
[09/05/2008 10:27 PM | 00,690,568 | ---- | C] (Malwarebytes ) - C:\Documents and Settings\Fabienne\My Documents\rr-free-setup.exe
[09/05/2008 11:15 PM | 00,096,978 | ---- | C] (Business Information Solutions) - C:\Documents and Settings\Fabienne\My Documents\VirtumundoBeGone.exe
[09/06/2008 06:09 PM | 05,659,648 | ---- | C] () - C:\Documents and Settings\Fabienne\My Documents\firewall.msi
[09/07/2008 08:46 AM | 00,576,581 | ---- | C] () - C:\Documents and Settings\Fabienne\My Documents\OTScanIt.exe
[09/07/2008 08:46 AM | ---D | C] - C:\Documents and Settings\Fabienne\My Documents\OTScanIt
[09/07/2008 11:45 AM | 00,353,485 | ---- | C] () - C:\Documents and Settings\Fabienne\My Documents\HostsXpert.zip
[09/07/2008 12:28 PM | 00,304,189 | ---- | C] () - C:\Documents and Settings\Fabienne\My Documents\RSIT.exe
[09/05/2008 03:48 PM | 00,000,780 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[09/05/2008 10:28 PM | 00,000,695 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\RogueRemover FREE.lnk
[09/06/2008 10:17 AM | 00,000,793 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[09/06/2008 10:17 AM | 00,000,793 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[09/07/2008 12:11 PM | 00,000,696 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/10/2008 02:12 PM | 00,001,557 | ---- | C] () - C:\Documents and Settings\Fabienne\Desktop\To Play Hype - The Time Quest.lnk
[09/05/2008 10:14 PM | 00,001,739 | ---- | C] () - C:\Documents and Settings\Fabienne\Desktop\HijackThis.lnk
[09/05/2008 11:10 PM | 00,096,978 | ---- | C] (Business Information Solutions) - C:\Documents and Settings\Fabienne\Desktop\VirtumundoBeGone.exe
[09/05/2008 03:48 PM | ---D | C] - C:\Program Files\Common Files\Wise Installation Wizard
[09/05/2008 03:48 PM | ---D | C] - C:\Program Files\SUPERAntiSpyware
[09/05/2008 05:57 PM | ---D | C] - C:\Program Files\Panda Security
[09/05/2008 09:43 PM | ---D | C] - C:\Program Files\Microsoft Silverlight
[09/05/2008 10:22 AM | ---D | C] - C:\Program Files\Windows Live Safety Center
[09/05/2008 10:28 PM | ---D | C] - C:\Program Files\RogueRemover FREE
[09/06/2008 06:10 PM | ---D | C] - C:\Program Files\Sygate
[09/07/2008 12:11 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 days ==========

[09/06/2008 09:37 AM | 00,000,210 | RHS- | M] () - C:\boot.ini
[09/07/2008 12:06 PM | 10,634,07616 | -HS- | M] () - C:\hiberfil.sys
[09/06/2008 01:33 PM | 00,263,876 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts
[4 C:\WINDOWS\System32\*.tmp files]
[08/10/2008 02:09 PM | 00,016,832 | ---- | M] () - C:\WINDOWS\System32\amcompat.tlb
[08/10/2008 02:09 PM | 00,023,392 | ---- | M] () - C:\WINDOWS\System32\nscompat.tlb
[09/02/2008 02:03 PM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[09/03/2008 11:29 PM | 00,041,000 | ---- | M] () - C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[09/05/2008 07:31 PM | 00,163,528 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[09/07/2008 12:07 PM | 00,003,804 | ---- | M] () - C:\WINDOWS\System32\Config.MPF
[7 C:\WINDOWS\*.tmp files]
[08/18/2008 03:07 AM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[09/06/2008 01:25 PM | 00,000,837 | ---- | M] () - C:\WINDOWS\wininit.ini
[09/06/2008 09:37 AM | 00,000,227 | ---- | M] () - C:\WINDOWS\system.ini
[09/06/2008 09:37 AM | 00,000,538 | ---- | M] () - C:\WINDOWS\win.ini
[09/07/2008 11:39 AM | 00,000,250 | ---- | M] () - C:\WINDOWS\Brownie.ini
[09/07/2008 11:46 AM | 00,008,192 | -HS- | M] () - C:\WINDOWS\Thumbs.db
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
[09/07/2008 12:06 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[09/07/2008 12:06 PM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/15/2008 01:42 AM | 00,000,346 | ---- | M] () - C:\WINDOWS\tasks\McDefragTask.job
[09/01/2008 01:00 AM | 00,000,338 | ---- | M] () - C:\WINDOWS\tasks\McQcTask.job
[09/05/2008 11:52 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[09/07/2008 09:00 AM | 00,000,386 | ---- | M] () - C:\WINDOWS\tasks\rpc.job
[09/07/2008 12:06 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[09/05/2008 05:52 PM | 00,039,008 | ---- | M] () - C:\Documents and Settings\Fabienne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[09/05/2008 10:00 PM | 00,008,704 | ---- | M] () - C:\Documents and Settings\Fabienne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[09/07/2008 12:05 PM | 04,309,230 | -H-- | M] () - C:\Documents and Settings\Fabienne\Local Settings\Application Data\IconCache.db
[09/02/2008 02:02 PM | 00,000,349 | ---- | M] () - C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[3 C:\Documents and Settings\Fabienne\My Documents\*.tmp files]
[08/22/2008 03:29 PM | 00,015,872 | ---- | M] () - C:\Documents and Settings\Fabienne\My Documents\WEIGHT RECORD.xls
[08/22/2008 03:29 PM | 00,017,920 | ---- | M] () - C:\Documents and Settings\Fabienne\My Documents\ww log.xls
[09/05/2008 10:27 PM | 00,690,568 | ---- | M] (Malwarebytes ) - C:\Documents and Settings\Fabienne\My Documents\rr-free-setup.exe
[09/05/2008 11:15 PM | 00,096,978 | ---- | M] (Business Information Solutions) - C:\Documents and Settings\Fabienne\My Documents\VirtumundoBeGone.exe
[09/06/2008 06:10 PM | 05,659,648 | ---- | M] () - C:\Documents and Settings\Fabienne\My Documents\firewall.msi
[09/06/2008 11:49 AM | 00,019,968 | ---- | M] () - C:\Documents and Settings\Fabienne\My Documents\BUDGET 82208.xls
[09/07/2008 08:46 AM | 00,576,581 | ---- | M] () - C:\Documents and Settings\Fabienne\My Documents\OTScanIt.exe
[09/07/2008 11:45 AM | 00,188,416 | -HS- | M] () - C:\Documents and Settings\Fabienne\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
[09/07/2008 11:45 AM | 00,353,485 | ---- | M] () - C:\Documents and Settings\Fabienne\My Documents\HostsXpert.zip
[09/07/2008 12:28 PM | 00,304,189 | ---- | M] () - C:\Documents and Settings\Fabienne\My Documents\RSIT.exe
[09/05/2008 03:48 PM | 00,000,780 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[09/05/2008 10:28 PM | 00,000,695 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\RogueRemover FREE.lnk
[09/06/2008 10:17 AM | 00,000,793 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[09/06/2008 10:17 AM | 00,000,793 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[09/07/2008 12:11 PM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/10/2008 02:09 PM | 00,000,782 | ---- | M] () - C:\Documents and Settings\Fabienne\Desktop\Windows Media Player.lnk
[08/10/2008 02:12 PM | 00,001,557 | ---- | M] () - C:\Documents and Settings\Fabienne\Desktop\To Play Hype - The Time Quest.lnk
[09/05/2008 11:11 PM | 00,096,978 | ---- | M] (Business Information Solutions) - C:\Documents and Settings\Fabienne\Desktop\VirtumundoBeGone.exe
[09/06/2008 09:00 PM | 00,001,739 | ---- | M] () - C:\Documents and Settings\Fabienne\Desktop\HijackThis.lnk

< End of report >
[/codebox]

#11 kahdah

Posted 07 September 2008 - 05:15 PM

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Please see here for additional details.

Then follow the Hosts expert instructions again, reboot, and let me know if you were able to finish those instructions successfully.

===========
Then:

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#12 fabienne

Posted 07 September 2008 - 10:14 PM

Hi there :thumbsup: I tried the HostsXpert in safe mode, but I got the same error as before.

Results of Kaspersky Scan:

[codebox]
KASPERSKY ONLINE SCANNER 7 REPORT

Sunday, September 7, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, September 07, 2008 23:18:02
Records in database: 1201055

Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area: My Computer
C:\
D:\
E:\

Scan statistics
Files scanned: 86503
Threat name: 4
Infected objects: 17
Suspicious objects: 0
Duration of the scan: 01:28:38

File name | Threat name | Threats count
C:\_OTScanIt\MovedFiles\09072008_120447\C_WINDOWS\system32\adywkz.dll | Infected: Trojan.Win32.Monder.men | 1
C:\_OTScanIt\MovedFiles\09072008_120447\C_WINDOWS\system32\eybshinx.dll | Infected: Trojan.Win32.Monder.mew | 1
C:\_OTScanIt\MovedFiles\09072008_120447\C_WINDOWS\system32\gbesenvs.dll | Infected: Trojan.Win32.Monder.men | 1
C:\_OTScanIt\MovedFiles\09072008_120447\C_WINDOWS\system32\gphfgyvg.dll | Infected: Trojan.Win32.Monder.mem | 1
C:\_OTScanIt\MovedFiles\09072008_120447\C_WINDOWS\system32\kqcxfluq.dll | Infected: Trojan.Win32.Monder.men | 1
C:\_OTScanIt\MovedFiles\09072008_120447\C_WINDOWS\system32\ksaerfop.dll | Infected: Trojan.Win32.Monder.mel | 1
C:\_OTScanIt\MovedFiles\09072008_120447\C_WINDOWS\system32\lkftdwpg.dll | Infected: Trojan.Win32.Monder.mem | 1
C:\_OTScanIt\MovedFiles\09072008_120447\C_WINDOWS\system32\mpujgpgd.dll | Infected: Trojan.Win32.Monder.mel | 1
C:\_OTScanIt\MovedFiles\09072008_120447\C_WINDOWS\system32\neiwirwp.dll | Infected: Trojan.Win32.Monder.men | 1
C:\_OTScanIt\MovedFiles\09072008_120447\C_WINDOWS\system32\nnyppq.dll | Infected: Trojan.Win32.Monder.men | 1
C:\_OTScanIt\MovedFiles\09072008_120447\C_WINDOWS\system32\ouqpxp.dll | Infected: Trojan.Win32.Monder.mew | 1
C:\_OTScanIt\MovedFiles\09072008_120447\C_WINDOWS\system32\rsfbckdq.dll | Infected: Trojan.Win32.Monder.men | 1
C:\_OTScanIt\MovedFiles\09072008_120447\C_WINDOWS\system32\sbryyeis.dll | Infected: Trojan.Win32.Monder.mew | 1
C:\_OTScanIt\MovedFiles\09072008_120447\C_WINDOWS\system32\wauviqpo.dll | Infected: Trojan.Win32.Monder.mel | 1
C:\_OTScanIt\MovedFiles\09072008_120447\C_WINDOWS\system32\wouvpu.dll | Infected: Trojan.Win32.Monder.men | 1
C:\_OTScanIt\MovedFiles\09072008_120447\C_WINDOWS\system32\xejuwc.dll | Infected: Trojan.Win32.Monder.mew | 1
C:\_OTScanIt\MovedFiles\09072008_120447\C_WINDOWS\system32\xithoq.dll | Infected: Trojan.Win32.Monder.men | 1

The selected area was scanned.
[/codebox]

Thanks!
Fabienne

#13 kahdah

Posted 08 September 2008 - 04:14 AM

Hmm, have you used the immunize feature within Spybot before?

Can you post a new Hijackthis log and let me know how things are running?

#14 fabienne

Posted 08 September 2008 - 03:18 PM

Hello,

My computer has been running a lot better- still noticing a few problems, like the error message every time I reboot. Also, just got a popup box from www.popeater.com- have not seen that before. Overall, it is much improved though!

If you've determined that my computer is infection-free, should I delete all of these programs that I have downloaded during this process?

Here is a current Hijack This log. Thanks again for all of your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:50 PM, on 9/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\AOL\1170708985\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170708985\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Documents and Settings\Fabienne\Application Data\Ebates__MoeMoney__Maker\ebmmt\ebmmC5.htm (file missing) (HKCU)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://10.0.1.28/Remote/msrdp.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1220830245846&h=947b57f57900f7bb9e76f93814beeaee/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O20 - AppInit_DLLs: kbztbm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 10610 bytes


#15 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:08:17 AM

Posted 08 September 2008 - 08:10 PM

Nope I won't be happy until you are clean :thumbsup:
===================================
Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
You may use the download for Service Pack 2

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

=======================================
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



