Computer Acting Erratic, For Weeks


  • This topic is locked
11 replies to this topic

#1 oldaussie

oldaussie

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:31 AM

Posted 19 September 2008 - 05:12 AM

Hi guys. Long time away. But I think I have struck something somewhere.
Initially on another networked PC I copped a virus/malware etc. that caused me no end of grief. Wiped out my hard drive and I suspect it carried thru to my other networked puters. I am not sure on what type of virus I copped but I tried everything to get rid of it but I think I failed dismally.

On this PC, my system is slow for some URL, my mouse goes haywire and even the highlighting of text to copy or delete are all haywire... The mouse cursor won't go where clicked etc. I have just changed the mouse and keyboard but still the same problem... There are too numerous symptoms to mention so I have included my Hijack file for any of you good people to check out for me...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:53 PM, on 19/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\MDS\CALYPSO\Calypso.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myplace.westnet.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [D_V_T] "C:\\dvt.exe" /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - Startup: RegVac.lnk = C:\Program Files\RegVac Registry Cleaner\regvac.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219712047718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139620411015
O17 - HKLM\System\CCS\Services\Tcpip\..\{83650A6A-E270-499A-A740-E64989B08A51}: NameServer = 203.21.20.20,203.10.1.9
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 6017 bytes



#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:05:31 AM

Posted 23 September 2008 - 04:52 AM

Hello, oldaussie.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you would still like help, please post a new HiJack This log below, as things may have changed on your system.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 oldaussie

Posted 23 September 2008 - 07:32 PM

:thumbsup: Hi Billy, I'm a billy 2 :_).. anyway mate, here is my latest log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:10 AM, on 24/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Wisdom-soft ScreenHunter\ScreenHunter.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myplace.westnet.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [D_V_T] "C:\\dvt.exe" /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219712047718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139620411015
O17 - HKLM\System\CCS\Services\Tcpip\..\{83650A6A-E270-499A-A740-E64989B08A51}: NameServer = 203.21.20.20,203.10.1.9
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 5414 bytes

#4 Billy O'Neal

Posted 24 September 2008 - 07:53 PM

Hello, oldaussie.
We need to run OTScanIt
Before running a new scan let's clean out the temporary folders.
Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • In the Rootkit Search area select Yes
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - Disabled MS Config Items
    • Reg - File Associations
    • Reg - Uninstall List
    • File - Additional Folder Scans
  • Check the "Scan All Users" and "Include MD5" checkboxes at the top of the window.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post.

In your next reply, please include the following:
  • OTScanIt Report

Billy3

#5 oldaussie

Posted 24 September 2008 - 08:39 PM

:thumbsup: Here we go Billy, got some reading there mate ...

OTScanIt logfile created on: 25/09/2008 9:27:52 AM
OTScanIt by OldTimer - Version 1.0.19.0	 Folder = C:\Documents and Settings\Administrator\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.17184)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
503.48 Mb Total Physical Memory | 195.16 Mb Available Physical Memory | 38.76% Memory free
1.20 Gb Paging File | 0.92 Gb Available in Paging File | 76.83% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.28 Gb Total Space | 28.98 Gb Free Space | 75.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HERBY
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

[Processes - Non-Microsoft Only]
unlockerassistant.exe -> %ProgramFiles%\Unlocker\UnlockerAssistant.exe -> MD5 = 3FFE8752B77382C5050006C31781D05A |  [Ver =  | Size = 15872 bytes | Modified Date = 8/09/2006 1:19:27 AM | Attr =	]
logitechdesktopmessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> MD5 = BC2C669DF42CDA2E967FAF660E28A824 | Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 4/09/2008 12:43:44 PM | Attr =	]
setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> MD5 = 8E6DD7BC88200935A6927FFC5E003D42 | Logitech Inc. [Ver = 4.00.121 | Size = 692224 bytes | Modified Date = 23/04/2007 4:00:00 AM | Attr =	]
khalmnpr.exe -> %CommonProgramFiles%\Logitech\KhalShared\KHALMNPR.exe -> MD5 = F6D01B49CEFE36286A1FD8BAE8F2D6A3 | Logitech Inc. [Ver = 4.00.101 | Size = 56080 bytes | Modified Date = 11/04/2007 3:32:22 PM | Attr =	]
mailwasher.exe -> %ProgramFiles%\FireTrust\MailWasher Pro\MailWasher.exe -> MD5 = 0EF4D93FF1F241203129317449A8368A | Firetrust Ltd [Ver = 6.2.0.0 | Size = 17418765 bytes | Modified Date = 12/08/2008 11:42:20 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(AVP) Kaspersky Anti-Virus 6.0 [Win32_Own | Auto | Stopped] ->  -> File not found
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> MD5 = CCAA27BAEB46B6369269847BA7D3C011 | PC Tools [Ver = 6, 0, 0, 3 | Size = 356920 bytes | Modified Date = 13/06/2008 3:29:14 PM | Attr =	]
(sdCoreService) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> MD5 = 2DE7E0425B556BBBE17CE0BAE01C7DDB | PC Tools [Ver = 6.0.0.19 | Size = 1077640 bytes | Modified Date = 25/08/2008 11:36:34 AM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
nod32kui -> %ProgramFiles%\ESET\nod32kui.exe ["C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE] -> MD5 = 1DB8EBBEA939FB03542574AD70F29DD6 | Eset  [Ver = 2, 70, 16  | Size = 950664 bytes | Modified Date = 5/01/2007 8:37:01 PM | Attr =	]
UnlockerAssistant -> %ProgramFiles%\Unlocker\UnlockerAssistant.exe ["C:\Program Files\Unlocker\UnlockerAssistant.exe"] -> MD5 = 3FFE8752B77382C5050006C31781D05A |  [Ver =  | Size = 15872 bytes | Modified Date = 8/09/2006 1:19:27 AM | Attr =	]
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AVG7_Run -> %SystemDrive%\PROGRA~1\Grisoft\AVG7\avgw.exe [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> MD5 = BC2C669DF42CDA2E967FAF660E28A824 | Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 4/09/2008 12:43:44 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> MD5 = 8E6DD7BC88200935A6927FFC5E003D42 | Logitech Inc. [Ver = 4.00.121 | Size = 692224 bytes | Modified Date = 23/04/2007 4:00:00 AM | Attr =	]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> MD5 = ECD5517A6633826057D4F050927DDF56 | SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 13/05/2008 10:13:36 AM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> MD5 = 12896823FB95BFB3DC9B46BCAEDC9923 | Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 14/04/2008 8:12:19 AM | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> MD5 = A93AEE1928A9D7CE3E16D24EC7380F89 | Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 14/04/2008 8:12:38 AM | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> MD5 = 2081A5B5E4ABA206A0A8A1A97DF0FB23 | Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 14/04/2008 8:12:24 AM | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> MD5 = 0CF50B1F45DAB08430C1DBB79FE2CA5B | Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 14/04/2008 8:12:05 AM | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> MD5 = C504A9FE17F997F8B1F8561D0A68DE52 | Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 14/04/2008 8:12:41 AM | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500] > -> HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> MD5 = D8EDAEEAF63BBF45ED9B7A3666641C2A | SUPERAntiSpyware.com [Ver = 1, 0, 0, 1048 | Size = 352256 bytes | Modified Date = 23/07/2008 4:28:18 PM | Attr =	]
igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> MD5 = E5926BC2E9CFA7D13F05B5E5F8E9CD52 | Intel Corporation [Ver = 3.0.0.4342 | Size = 348160 bytes | Modified Date = 21/06/2005 4:44:12 PM | Attr =	]
klogon -> %SystemRoot%\system32\klogon.dll -> MD5 = 3F97F0F4A9A6D21A1A496C1D8FE84E4E | Kaspersky Lab [Ver = 6.0.1.411 | Size = 94314 bytes | Modified Date = 1/11/2006 5:42:54 PM | Attr =	]
WRNotifier ->  -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Shell\ -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500] > -> HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 -> 
HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> 
HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Shell\ -> -> 
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> MD5 = 1F4260CC5B42272D71F79E570A27A4FE | Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 14/04/2008 2:40:46 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< HOSTS File > (6968 bytes and 124 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
First 25 entries...
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://myplace.westnet.com.au -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapiternet Explorer settings... -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com.au/ -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> <local> -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\] > -> -> 
HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\: Main\\Default_Page_URL -> http://myplace.westnet.com.au -> 
HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi085031214-1979792683-682003330 -> 
HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\: Main\\Search Page -> http://www.google.com -> 
HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\: Main\\Start Page -> http://www.google.com.au/ -> 
HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\: ProxyEnable -> 0 -> 
HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\: ProxyOverride -> <local> -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2010 domain(s) found. -> 
68 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 31 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1230 domain(s) found. -> 
72 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 31 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1230 domain(s) found. -> 
72 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 31 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1230 domain(s) found. -> 
72 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 31 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1230 domain(s) found. -> 
72 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 31 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\] > -> HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2010 domain(s) found. -> 
68 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\] > -> HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 31 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 4:16:42 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\] > -> HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> MD5 = D2CF6BB5E9020E6707B62575F8083954 | Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 10/11/2005 1:22:10 PM | Attr =	]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}:BandCLSID -> Reg Error: Key does not exist or could not be opened. [Web Anti-Virus] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> MD5 = D2CF6BB5E9020E6707B62575F8083954 | Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 10/11/2005 1:22:10 PM | Attr =	]
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] ->  [Web Anti-Virus] -> File not found
CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> MD5 = D2CF6BB5E9020E6707B62575F8083954 | Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 10/11/2005 1:22:10 PM | Attr =	]
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] ->  [Web Anti-Virus] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> MD5 = D2CF6BB5E9020E6707B62575F8083954 | Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 10/11/2005 1:22:10 PM | Attr =	]
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] ->  [Web Anti-Virus] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\] > -> HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> MD5 = D2CF6BB5E9020E6707B62575F8083954 | Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 10/11/2005 1:22:10 PM | Attr =	]
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] ->  [Web Anti-Virus] -> File not found
CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{83650A6A-E270-499A-A740-E64989B08A51} -> 203.21.20.20,203.10.1.9   (Intel(R) PRO/100 VE Network Connection) -> 
{B61AFB3E-D906-4A41-88BA-3322162BAFAB} ->	(ADMtek ADM8511 USB To Fast Ethernet Converter) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> MD5 = 8EC5211CEBB1D293B9E6F552F03C0659 | Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 4/09/2008 12:43:44 PM | Attr =	]
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> 
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}[HKEY_LOCAL_MACHINE] -> http://www.eset.eu/buxus/docs/OnlineScanner.cab[OnlineScanner Control] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219712047718[WUWebControl Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139620411015[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiA.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiA.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiA.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiW.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiW.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiW.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32umc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32umc.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32umc.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32upd.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32upd.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32upd.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScanner.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScanner.ocx\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScanner.ocx\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLA.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLA.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLA.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLW.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLW.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLW.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerLang.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerLang.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerLang.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerUninstaller.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerUninstaller.exe\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerUninstaller.exe\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> 
ewido security suite control -> -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = batfile] -> "%1" %* -> 
.cmd [@ = cmdfile] -> "%1" %* -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
.pif [@ = piffile] -> "%1" %* -> 
.scr [@ = scrfile] -> "%1" /S -> 
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{02DFF6B1-1654-411C-8D7B-FD6052EF016F} -> Apple Software Update
{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3} -> Logitech SetPoint
{3248F0A8-6813-11D6-A77B-00B0D0150060} -> J2SE Runtime Environment 5.0 Update 6
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{36BD0774-6CD6-4FF9-A148-83CA09AC123E} -> Intel(R) PROSafe for Wired Connections
{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C} -> Logitech Registration
{552171BC-30F8-3B29-9C4F-E3FE590B7CAC} -> Google Gears
{56918C0C-0D87-4CA6-92BF-4975A43AC719} -> KhalInstallWrapper
{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} -> Windows Genuine Advantage v1.3.0254.0
{7131646D-CD3C-40F4-97B9-CD9E4E6262EF} -> Microsoft .NET Framework 2.0
{8CC990CD-87C8-475C-AC32-8A7984E2FCFA} -> CDDRV_Installer
{900B1197-53F5-4F46-A882-2CFFFE2EEDCB} -> Logitech Desktop Messenger
{90AF0409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office PowerPoint Viewer 2003
{A49F249F-0C91-497F-86DF-B2585E8E76B7} -> Microsoft Visual C++ 2005 Redistributable
{AC76BA86-7AD7-1033-7B44-A70900000002} -> Adobe Reader 7.0.9
{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868} -> Safari
{C9E4932C-8417-4E4C-A0E3-EE534810AB4D} -> ClearType Tuning Control Panel Applet
{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} -> SUPERAntiSpyware Professional
{CFB17307-B244-4EAD-AE8E-CDAF440477C2} -> OpenMG Secure Module 4.4.00
{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1 -> NOD32 FiX v2.1
{DE114695-AE58-4B66-8E0F-2505188602FB}_is1 -> Uninstall Startup Inspector
Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX
Atomic Clock Sync -> Atomic Clock Sync
CALYPSO -> CALYPSO
DriverAgent.exe -> DriverAgent by TouchStone Software
EsetOnlineScanner -> ESET Online Scanner
HijackThis -> HijackThis 2.0.2
ie8 -> Windows Internet Explorer 8 Beta 1
InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2} -> OpenMG Secure Module 4.4.00
KB892130 -> Windows Genuine Advantage Validation Tool (KB892130)
MailWasher Pro_is1 -> MailWasher Pro
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0
NOD32 -> NOD32 antivirus system
OpenMG HotFix4.4-05-12-06-01 -> OpenMG Limited Patch 4.4-06-13-19-01
PCHealth -> 
Registry Booster_is1 -> Uniblue Registry Booster
RegVac Registry Cleaner (Registered Version)_is1 -> RegVac Registry Cleaner 5.01 (Registered Version)
Spyware Doctor -> Spyware Doctor 6.0
UltimateDefrag -> UltimateDefrag
Unlocker -> Unlocker 1.8.5
Wdf01005 -> Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Windows Media Format Runtime -> Windows Media Format Runtime
Windows XP Service Pack -> Windows XP Service Pack 3
WinRAR archiver -> WinRAR archiver
WinZip -> WinZip
Wisdom-soft ScreenHunter 4.2 Pro -> Wisdom-soft ScreenHunter 4.2 Pro
Your Uninstaller! 2008_is1 -> Your Uninstaller! 2008 Version 6.0
< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
Google Chrome -> Google Chrome
< Uninstall List [HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\] > -> HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
Google Chrome -> Google Chrome


[Files/Folders - Created Within 60 days]
wm3.gif -> %SystemRoot%\System32\dllcache\wm3.gif -> MD5 = 74DBE2A5B92C0A4C4E8952FD2D7C54E9 |  [Ver =  | Size = 6241 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wm4.gif -> %SystemRoot%\System32\dllcache\wm4.gif -> MD5 = 0BAB4571448CDC15F7EF4E5AF7A9900E |  [Ver =  | Size = 7369 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wm5.gif -> %SystemRoot%\System32\dllcache\wm5.gif -> MD5 = 3A069C38A0940311CA339051F1DA70DB |  [Ver =  | Size = 2477 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wm6.gif -> %SystemRoot%\System32\dllcache\wm6.gif -> MD5 = 2EF8623801367D25B4938353084954B9 |  [Ver =  | Size = 6060 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wm7.gif -> %SystemRoot%\System32\dllcache\wm7.gif -> MD5 = E8FB5F09355E707A5832B1F537B0E6CA |  [Ver =  | Size = 8677 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wm8.gif -> %SystemRoot%\System32\dllcache\wm8.gif -> MD5 = 8C9D3E336F4C42F6A321AA177F37314C |  [Ver =  | Size = 4193 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wm9.gif -> %SystemRoot%\System32\dllcache\wm9.gif -> MD5 = B0F593E6B115C146D44ADD028D266A23 |  [Ver =  | Size = 7892 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wmdm.inf -> %SystemRoot%\System32\dllcache\wmdm.inf -> MD5 = 4975CC430B32076347FF3B1CA039E0AB |  [Ver =  | Size = 17272 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wmfsdk.inf -> %SystemRoot%\System32\dllcache\wmfsdk.inf -> MD5 = 2219EB2839F5251E38956412AB027BD7 |  [Ver =  | Size = 6769 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wmpaud1.wav -> %SystemRoot%\System32\dllcache\wmpaud1.wav -> MD5 = 3AD821DCA55F57BAAF66881AA156C058 |  [Ver =  | Size = 354468 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wmpaud2.wav -> %SystemRoot%\System32\dllcache\wmpaud2.wav -> MD5 = B5676C71960422ADE3AB8F335CEDF638 |  [Ver =  | Size = 86180 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wmpaud3.wav -> %SystemRoot%\System32\dllcache\wmpaud3.wav -> MD5 = 9942E5446D92A930E7747B26244E98D2 |  [Ver =  | Size = 172196 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wmpaud4.wav -> %SystemRoot%\System32\dllcache\wmpaud4.wav -> MD5 = 6EB76B002FD53EA7F6B834DBD4A12DAD |  [Ver =  | Size = 86180 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wmpaud5.wav -> %SystemRoot%\System32\dllcache\wmpaud5.wav -> MD5 = 591F026A91BE81D24124DE0AFF8B17C1 |  [Ver =  | Size = 86196 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wmpaud6.wav -> %SystemRoot%\System32\dllcache\wmpaud6.wav -> MD5 = FADDD52BAB627E35D96A3A4E36847833 |  [Ver =  | Size = 343204 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wmpaud7.wav -> %SystemRoot%\System32\dllcache\wmpaud7.wav -> MD5 = 6B19CC9E0568F08071211E3FB66898DC |  [Ver =  | Size = 343204 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wmpaud8.wav -> %SystemRoot%\System32\dllcache\wmpaud8.wav -> MD5 = 932A4574AEA3B14CB773EE3AF9D59543 |  [Ver =  | Size = 172196 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wmpaud9.wav -> %SystemRoot%\System32\dllcache\wmpaud9.wav -> MD5 = 7024A67D634BD8A393CBA93A60E1B849 |  [Ver =  | Size = 172196 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wmplay.chm -> %SystemRoot%\System32\dllcache\wmplay.chm -> MD5 = 3634C5F05765C82E2904E39E8BE7F510 |  [Ver =  | Size = 23195 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wmplayer.adm -> %SystemRoot%\System32\dllcache\wmplayer.adm -> MD5 = 9780BA64FFD34694FDFA0066B907BD04 |  [Ver =  | Size = 67374 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wmplayer.chm -> %SystemRoot%\System32\dllcache\wmplayer.chm -> MD5 = 81EB8644D3D4756CA5D7A86BED2E5B7E |  [Ver =  | Size = 613334 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wmploc.js -> %SystemRoot%\System32\dllcache\wmploc.js -> MD5 = 736EA71F775A7DD51EAE216EB6629C0C |  [Ver =  | Size = 420 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wmpocm.inf -> %SystemRoot%\System32\dllcache\wmpocm.inf -> MD5 = 54B9D0CF46BAE1AA6AA2CE3D4599D983 |  [Ver =  | Size = 855 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wmptour.css -> %SystemRoot%\System32\dllcache\wmptour.css -> MD5 = D42C93EACCF97F2480726B02F52AFA8B |  [Ver =  | Size = 1771 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
wmptour.hta -> %SystemRoot%\System32\dllcache\wmptour.hta -> MD5 = F1072999AE1D11C0F77892B821741EA4 |  [Ver =  | Size = 10457 bytes | Created Date = 26/08/2008 9:21:38 AM | Attr =	]
ativmc20.cod -> %SystemRoot%\System32\drivers\ativmc20.cod -> MD5 = 8E59F9BE251C8AE32A1CEB068B3F96B1 |  [Ver =  | Size = 64352 bytes | Created Date = 26/08/2008 9:19:44 AM | Attr =	]
cxthsfs2.cty -> %SystemRoot%\System32\drivers\cxthsfs2.cty -> MD5 = 3194C32E8A2403073B812183355E25C6 |  [Ver =  | Size = 129045 bytes | Created Date = 26/08/2008 9:21:10 AM | Attr =	]
ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> MD5 = FF9F262494FC23D77A6148D49D87D2DE | PCTools Research Pty Ltd. [Ver = 5.0.2.1045 built by: WinDDK | Size = 40840 bytes | Created Date = 11/09/2008 12:23:03 PM | Attr =	]
iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> MD5 = 7E359671FD9595ECB1B0A33FB4184B19 | PCTools Research Pty Ltd. [Ver = 5.0.2.1030 | Size = 66952 bytes | Created Date = 11/09/2008 12:23:03 PM | Attr =	]
iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> MD5 = A44CB3CF3AF266665261A6E6C9CAC27C | PCTools Research Pty Ltd. [Ver = 5.0.2.1034 | Size = 81288 bytes | Created Date = 11/09/2008 12:23:03 PM | Attr =	]
kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> MD5 = 8CB1AEA5CC79397319B139171DF877A0 | PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 11/09/2008 12:23:03 PM | Attr =	]
L8042Kbd.sys -> %SystemRoot%\System32\drivers\L8042Kbd.sys -> MD5 = D88846F9F4F27AE9BE584A6E5B6B8753 | Logitech Inc. [Ver = 4.00.101.00 | Size = 20496 bytes | Created Date = 4/09/2008 12:40:14 PM | Attr =	]
LHidFilt.Sys -> %SystemRoot%\System32\drivers\LHidFilt.Sys -> MD5 = 3FA98339E8D9E007726BE62F231E2015 | Logitech, Inc. [Ver = 4.00.101.00 | Size = 34832 bytes | Created Date = 4/09/2008 12:40:12 PM | Attr =	]
LMouFilt.Sys -> %SystemRoot%\System32\drivers\LMouFilt.Sys -> MD5 = F259F758E04D8FB8D48C6CDBE45223E8 | Logitech, Inc. [Ver = 4.00.101.00 | Size = 36112 bytes | Created Date = 4/09/2008 12:40:13 PM | Attr =	]
MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> MD5 = D41D8CD98F00B204E9800998ECF8427E |  [Ver =  | Size = 0 bytes | Created Date = 4/09/2008 12:41:22 PM | Attr =  H ]
Msft_Kernel_LHidFilt_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf -> MD5 = D41D8CD98F00B204E9800998ECF8427E |  [Ver =  | Size = 0 bytes | Created Date = 4/09/2008 12:41:27 PM | Attr =  H ]
Msft_Kernel_LMouFilt_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf -> MD5 = D41D8CD98F00B204E9800998ECF8427E |  [Ver =  | Size = 0 bytes | Created Date = 4/09/2008 12:41:48 PM | Attr =  H ]
netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img -> MD5 = 905CB655E93D39C97E078A3C4C884F31 |  [Ver =  | Size = 67866 bytes | Created Date = 26/08/2008 9:21:27 AM | Attr =	]
pctfw2.sys -> %SystemRoot%\System32\drivers\pctfw2.sys -> MD5 = 4BFFF7B7E1EA80EC3AD8AE0A773701F7 | PC Tools [Ver = 4, 0, 0, 43 | Size = 160792 bytes | Created Date = 11/09/2008 12:23:08 PM | Attr =	]
bits -> %SystemRoot%\System32\bits ->  [Folder | Created Date = 26/08/2008 9:41:04 AM | Attr =	]
CNMLM83.DLL -> %SystemRoot%\System32\CNMLM83.DLL -> MD5 = FB0F2A3DEA69C9431D1D317FE11EC236 | CANON INC. [Ver = 1.95.2.20 | Size = 161792 bytes | Created Date = 29/08/2008 8:18:54 AM | Attr =	]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Created Date = 4/09/2008 12:40:08 PM | Attr =	]
en -> %SystemRoot%\System32\en ->  [Folder | Created Date = 26/08/2008 9:41:04 AM | Attr =	]
en-us -> %SystemRoot%\System32\en-us ->  [Folder | Created Date = 26/08/2008 9:41:09 AM | Attr =	]
kemutb.dll -> %SystemRoot%\System32\kemutb.dll -> MD5 = 751BF557EA9A279D3EF59AA588DFFE8F | Logitech Inc. [Ver = 4.00.121 | Size = 163840 bytes | Created Date = 4/09/2008 12:39:43 PM | Attr =	]
KemUtil.dll -> %SystemRoot%\System32\KemUtil.dll -> MD5 = 3D5C33985BDD73DE332E95804DB39F08 | Logitech Inc. [Ver = 4.00.121 | Size = 135168 bytes | Created Date = 4/09/2008 12:39:43 PM | Attr =	]
KemWnd.dll -> %SystemRoot%\System32\KemWnd.dll -> MD5 = 19CB9B0DF1E3CD309EDB282CF67C3068 | Logitech Inc. [Ver = 4.00.121 | Size = 110592 bytes | Created Date = 4/09/2008 12:39:43 PM | Attr =	]
KemXML.dll -> %SystemRoot%\System32\KemXML.dll -> MD5 = 96070B7B2461FD01A3A3B1F4EB5B55FC | Logitech Inc. [Ver = 4.00.121 | Size = 69632 bytes | Created Date = 4/09/2008 12:39:43 PM | Attr =	]
mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat -> MD5 = 659F31E2A89F8DB329D2852BDDEE77E0 |  [Ver =  | Size = 21572 bytes | Created Date = 29/08/2008 12:31:07 PM | Attr =  H ]
scripting -> %SystemRoot%\System32\scripting ->  [Folder | Created Date = 26/08/2008 9:41:07 AM | Attr =	]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ ->  [Folder | Created Date = 26/08/2008 9:29:57 AM | Attr =  H ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bwUnin-8.1.1.50-8876480SL.exe -> %SystemRoot%\bwUnin-8.1.1.50-8876480SL.exe -> MD5 = 21007BD289539A3CA0D0F3653DC11258 | BackWeb Technologies Inc.						  [Ver = Version 8.1.1 (Build 50R) | Size = 127034 bytes | Created Date = 4/09/2008 12:43:42 PM | Attr = R  ]
CSC -> %SystemRoot%\CSC ->  [Folder | Created Date = 27/08/2008 3:22:34 PM | Attr =	]
ie8 -> %SystemRoot%\ie8 ->  [Folder | Created Date = 28/08/2008 9:48:46 AM | Attr =  H ]
KHALMNPR.Exe -> %SystemRoot%\KHALMNPR.Exe -> MD5 = F6D01B49CEFE36286A1FD8BAE8F2D6A3 | Logitech Inc. [Ver = 4.00.101 | Size = 56080 bytes | Created Date = 4/09/2008 12:40:13 PM | Attr =	]
l2schemas -> %SystemRoot%\l2schemas ->  [Folder | Created Date = 26/08/2008 9:41:05 AM | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Created Date = 26/08/2008 9:35:28 AM | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat -> MD5 = D41D8CD98F00B204E9800998ECF8427E |  [Ver =  | Size = 0 bytes | Created Date = 27/08/2008 9:43:49 AM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 26/08/2008 9:48:38 AM | Attr =	]
ServicePackFiles -> %SystemRoot%\ServicePackFiles ->  [Folder | Created Date = 26/08/2008 9:37:39 AM | Attr =	]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Created Date = 28/08/2008 9:50:49 AM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> MD5 = BC9C5E316310D011CE69F209C68B697F |  [Ver =  | Size = 284 bytes | Created Date = 29/08/2008 12:23:25 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]

[Files/Folders - Modified Within 60 days]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> MD5 = C1267D441C41E0E3E7A337B7A377975D |  [Ver =  | Size = 21016 bytes | Modified Date = 27/08/2008 11:56:31 AM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> MD5 = 61DF061E3DD9F7A8906A87872199AC63 |  [Ver =  | Size = 4511826 bytes | Modified Date = 24/09/2008 3:29:09 PM | Attr =  H ]
BILLSLAPPY - Shortcut.lnk -> %AllUsersProfile%\Documents\BILLSLAPPY - Shortcut.lnk -> MD5 = A17313445452AB5A98BDFD4CE0F6BFD8 |  [Ver =  | Size = 1412 bytes | Modified Date = 25/09/2008 8:37:31 AM | Attr =	]
desktop.ini -> %AllUsersProfile%\Documents\desktop.ini -> MD5 = 7799FDD740A97A09D34D09073A30912D |  [Ver =  | Size = 128 bytes | Modified Date = 24/08/2008 8:58:23 AM | Attr =  HS]
desktop.ini -> %UserProfile%\My Documents\desktop.ini -> MD5 = 2EE411B655413751A5615ABBEF874CD6 |  [Ver =  | Size = 84 bytes | Modified Date = 28/08/2008 9:53:12 AM | Attr =  HS]
Logitech Mouse and Keyboard Settings.lnk -> %AllUsersProfile%\Desktop\Logitech Mouse and Keyboard Settings.lnk -> MD5 = 36E0A3A3377D30C594D3E2F86D9C5A65 |  [Ver =  | Size = 1681 bytes | Modified Date = 4/09/2008 12:42:24 PM | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> MD5 = 54E657FED724E53DDEFAB8BC40FE9C4B |  [Ver =  | Size = 696 bytes | Modified Date = 27/08/2008 2:46:28 PM | Attr =	]
Safari.lnk -> %AllUsersProfile%\Desktop\Safari.lnk -> MD5 = F0E5A26E920CDE4465129C2900DC61B3 |  [Ver =  | Size = 1592 bytes | Modified Date = 29/08/2008 12:24:20 PM | Attr =	]
Spyware Doctor.lnk -> %AllUsersProfile%\Desktop\Spyware Doctor.lnk -> MD5 = AB0E2E0E2684573B9C10F6504A1CBB8B |  [Ver =  | Size = 1637 bytes | Modified Date = 11/09/2008 12:23:06 PM | Attr =	]
Australia.fbl -> %UserProfile%\Desktop\Australia.fbl -> MD5 = 626A39719873032223BCD6CC9B560D07 |  [Ver =  | Size = 76941178 bytes | Modified Date = 13/09/2008 10:37:16 AM | Attr =	]
Backup Your Data.lnk -> %UserProfile%\Desktop\Backup Your Data.lnk -> MD5 = 0549F3D38536CC674F4832D21E15581A |  [Ver =  | Size = 838 bytes | Modified Date = 17/09/2008 8:55:35 AM | Attr =	]
Calypso.lnk -> %UserProfile%\Desktop\Calypso.lnk -> MD5 = 16871C40179F5A470BFBDB4A479BE8D8 |  [Ver =  | Size = 716 bytes | Modified Date = 17/09/2008 8:55:35 AM | Attr =	]
MailWasher Pro.lnk -> %UserProfile%\Desktop\MailWasher Pro.lnk -> MD5 = A3F871F7FAAA121351BE82470CE98EF8 |  [Ver =  | Size = 766 bytes | Modified Date = 17/09/2008 9:22:54 AM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> MD5 = A4F8F9CEAA8AE40F13AC488905F3E4DA |  [Ver =  | Size = 576581 bytes | Modified Date = 25/09/2008 9:22:35 AM | Attr =	]
RegVac Registry Cleaner.lnk -> %UserProfile%\Desktop\RegVac Registry Cleaner.lnk -> MD5 = 84C07E355909829E2D41C744306CDB09 |  [Ver =  | Size = 693 bytes | Modified Date = 5/09/2008 6:10:21 PM | Attr =	]
Shortcut to Shared Documents.lnk -> %UserProfile%\Desktop\Shortcut to Shared Documents.lnk -> MD5 = B192AA3E99D74E280B9F6EBD42D4B6BC |  [Ver =  | Size = 434 bytes | Modified Date = 25/09/2008 8:38:07 AM | Attr =	]
Startup Inspector for Windows.lnk -> %UserProfile%\Desktop\Startup Inspector for Windows.lnk -> MD5 = 84153C871825940215AD30E5BA9E7AA6 |  [Ver =  | Size = 750 bytes | Modified Date = 31/08/2008 8:27:58 AM | Attr =	]
Your Uninstaller! 2008.lnk -> %UserProfile%\Desktop\Your Uninstaller! 2008.lnk -> MD5 = B2DEAC82F082DBDA5142AF73B30C8023 |  [Ver =  | Size = 798 bytes | Modified Date = 10/09/2008 4:47:54 PM | Attr =	]
Logitech Desktop Messenger.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk -> MD5 = 3A56A8E2950A380B122E44A574A847D1 |  [Ver =  | Size = 2078 bytes | Modified Date = 22/09/2008 8:39:39 AM | Attr =	]
Logitech SetPoint.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> MD5 = 6B9E4F7C6DD3D7770E0BD697F26E02B9 |  [Ver =  | Size = 1687 bytes | Modified Date = 22/09/2008 8:39:39 AM | Attr =	]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\Web\Thumbs.db:encryptable 0 bytes
C:\WINDOWS\Web\Wallpaper\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\Administrator\Desktop\storage cracks\test\ui_igo8\480_234\background\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrator\Desktop\storage cracks\test\ui_igo8\480_234\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrator\Favorites\Links\Classifieds by Quokka Online.url:favicon 894 bytes
C:\Documents and Settings\Administrator\Favorites\Links\Discussions - Sharetrader  Google Groups.url:favicon 1150 bytes
C:\Documents and Settings\Administrator\Favorites\Links\HotCopper - Australian Stock Market (ASX) Forum.url:favicon 1150 bytes
C:\Documents and Settings\Administrator\Favorites\Links\http--forum.gsmhosting.com-vbb-index.php.url:favicon 1078 bytes
C:\Documents and Settings\Administrator\Favorites\Links\http--www.austech.info-.url:favicon 1406 bytes
C:\Documents and Settings\Administrator\Favorites\Links\http--www.gpsunderground.com-forums-index.php.url:favicon 2550 bytes
C:\Documents and Settings\Administrator\Favorites\Links\http--www.ipmart-forum.com-.url:favicon 3638 bytes
C:\Documents and Settings\Administrator\Favorites\Links\iGO8 Artwork - The best blog to customize your iGO8 ! diMka skin.url:favicon 3638 bytes
C:\Documents and Settings\Administrator\Favorites\Links\PPCWarez  View forum - GPS Releases.url:favicon 1150 bytes
C:\Documents and Settings\Administrator\Favorites\BleepingComputer.com - Computer Help Forums.url:favicon 1406 bytes
C:\Documents and Settings\Administrator\Favorites\Bookmarks Toolbar Folder\Computer Acting Erratic, For Weeks.url:favicon 1406 bytes
C:\Documents and Settings\Administrator\Favorites\Bookmarks Toolbar Folder\https--myaccount.centrelink.gov.au-LoginServices-source-portal-Login.jspfinalURL=http%3A%2F%2Fmyaccount.centrelink.gwy%2FLoginServices%2FAuthenticate.do.url:favicon 766 bytes
C:\Documents and Settings\Administrator\Favorites\Bookmarks Toolbar Folder\PPCWarez  View forum - GPS Releases.url:favicon 1150 bytes
C:\Documents and Settings\Administrator\Favorites\http--www.astalavista.ms-.url:favicon 2550 bytes
C:\Documents and Settings\Administrator\Favorites\PPCWarez  Index page.url:favicon 1150 bytes
C:\Documents and Settings\Administrator\Favorites\www.i-go8.com customize your iGO8 !Ultra Dimka skin radar speedcam!.url:favicon 3638 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13 94 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:C4252FE0 113 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 185 bytes
scan completed successfully
hidden files: 40

< End of report >


#6 Billy O'Neal

Posted 24 September 2008 - 09:03 PM

Hello, oldaussie.
We need to run an OTScanIt Fix
  • Please reopen Posted Image
  • Click on Posted Image
  • In the Posted Image area copy and paste in the following (Do not include the word CODE)
    [Kill Explorer]
    [Unregister Dlls]
    [Win32 Services - Non-Microsoft Only]
    YY -> (AVP) Kaspersky Anti-Virus 6.0 [Win32_Own | Auto | Stopped] -> 
    [Registry - Non-Microsoft Only]
    < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> AVG7_Run -> %SystemDrive%\PROGRA~1\Grisoft\AVG7\avgw.exe [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE]
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    YN -> WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\] > -> HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\Software\Microsoft\Internet Explorer\Toolbar\
    YN -> WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    YN -> {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}:BandCLSID -> Reg Error: Key does not exist or could not be opened. [Web Anti-Virus]
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
    YN -> CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] -> [Web Anti-Virus]
    YN -> CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
    YN -> CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] -> [Web Anti-Virus]
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
    YN -> CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] -> [Web Anti-Virus]
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\] > -> HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\Software\Microsoft\Internet Explorer\Extensions\
    YN -> CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] -> [Web Anti-Virus]
    YN -> CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
    [Files/Folders - Created Within 60 days]
    NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    [Files/Folders - Modified Within 60 days]
    NY -> _is1AF0.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\_is1AF0.exe
    NY -> 3 C:\Documents and Settings\Administrator\Local Settings\Temp\jkos-Administrator\binaries\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Temp\jkos-Administrator\binaries\*.tmp
    NY -> 3 C:\Documents and Settings\Administrator\Local Settings\Temp\jkos-Administrator\binaries\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Temp\jkos-Administrator\binaries\*.tmp
    [Extra Files]
    C:\dvt.exe
    C:\d_v_t.reg
    [Extra Registry Entries]
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\D_V_T  -> 
    [Empty Temp Folders]
    [Start Explorer]
  • Press the Posted Image button.
  • Copy/Paste the resultant report in a reply here
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe
  • Follow the on screen instructions to install the latest Java version.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use Ctrl+A)
  • Right-click again and choose "Copy" (or Ctrl+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • OtScanIt Fix Report
  • ESET OnlineScan's Log
  • A New HiJack This log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 oldaussie

Posted 25 September 2008 - 02:50 AM

[Win32 Services - Non-Microsoft Only]
Service AVP stopped successfully.
Service AVP deleted successfully.
File not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AVG7_Run deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-1979792683-682003330-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\ not found.
[Files/Folders - Created Within 60 days]
[Files/Folders - Modified Within 60 days]
C:\Documents and Settings\Administrator\Local Settings\Temp\_is1AF0.exe moved successfully.
[Extra Files]
< C:\dvt.exe >
C:\dvt.exe moved successfully.
< C:\d_v_t.reg >
C:\d_v_t.reg moved successfully.
[Extra Registry Entries]
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\D_V_T deleted successfully.
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 09252008_140728

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3469 (20080924)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=cefde14cd1bb9a409ec5b6276b98401e
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-09-25 07:37:13
# local_time=2008-09-25 03:37:13 (+0800, W. Australia Standard Time)
# country="Australia"
# osver=5.1.2600 NT Service Pack 3
# scanned=211778
# found=0
# scan_time=1673
# nod_component=NOD32MOD_WINNT_ENGLISH_BASE Build:0x11081610 (NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base)
# nod_component=NOD32MOD_WINNT_ENGLISH_INET Build:0x11081610 (NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support)
# nod_component=NOD32MOD_WINNT_ENGLISH_STANDARD Build:0x11081610 (NOD32 for Windows NT/2000/XP/2003/Vista/x64 - Standard component)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:55 PM, on 25/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\ESET\nod32kui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myplace.westnet.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219712047718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139620411015
O17 - HKLM\System\CCS\Services\Tcpip\..\{83650A6A-E270-499A-A740-E64989B08A51}: NameServer = 203.21.20.20,203.10.1.9
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 5134 bytes
:thumbsup:

#8 Billy O'Neal

Posted 25 September 2008 - 03:54 PM

Hello, oldaussie.
Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the Posted Image icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start -> Control Panel -> System and Maintenance -> System.
  • Select "System Protection" in the upper left hand corner.
  • Click the button marked "Create" in the bottom of the window.
  • Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Open Vista's Searchbox (on your start menu) and type in "cleanmgr.exe"
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up", and then "Delete" in the "System Restore and Shadow Copies" section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore your computer to any point earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3

#9 oldaussie

Posted 25 September 2008 - 07:00 PM

:thumbsup: Thanks very much for your time Billy .. Was there any major Infections found ????

#10 Billy O'Neal

Posted 25 September 2008 - 07:44 PM

Nope.. the OTSI Fix was just housekeeping :thumbsup:

Billy3

#11 oldaussie

Posted 25 September 2008 - 07:51 PM

Cheers mate , catch yu later :thumbsup:

#12 Billy O'Neal

Posted 25 September 2008 - 07:53 PM

Hello, oldaussie.
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3