
bubble keeps popping up and telling me my computer is infected


8 replies to this topic

#1 tigerthunder

Posted 26 October 2008 - 11:02 AM

I have this little bubble that keeps popping up and telling me my computer is infected, but I think it's the infection?

Thank you in advance, you all are a life saver.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:54 AM, on 10/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\I8kfanGUI\i8kfangui.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\i8kfangui.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {3759252A-7748-4DBE-AD87-AE8CE8D244D6} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {B79A9CFB-D5BB-4268-817A-592369A3E917} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {B9C1644D-47B6-405D-9EB2-9DED17903595} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191626053394
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 9919 bytes


thank you


#2 kahdah

Posted 26 October 2008 - 12:36 PM

Hello tigerthunder

Welcome to BleepingComputer :thumbsup:
========================
Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
===========================================
Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • File - Lop check
    • File - Purity Scan
  • Under Basic scans:
    • Rootkit Search - Yes
    • Drivers - Non Microsoft
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Attach the information back here. I will review it when it comes in.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 tigerthunder

Posted 27 October 2008 - 08:24 AM

Here you go. Thank you for your help and quick response.

OTScanIt logfile created on: 10/27/2008 9:14:47 AM
OTScanIt by OldTimer - Version 1.0.19.0	 Folder = C:\Documents and Settings\Justin\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
767.23 Mb Total Physical Memory | 414.13 Mb Available Physical Memory | 53.98% Memory free
1.83 Gb Paging File | 1.48 Gb Available in Paging File | 80.63% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.91 Gb Total Space | 15.42 Gb Free Space | 55.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 298.09 Gb Total Space | 283.45 Gb Free Space | 95.09% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Justin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

[Processes - Non-Microsoft Only]
smc.exe -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr =	]
pctspk.exe -> %SystemRoot%\SYSTEM32\pctspk.exe ->  [Ver = 1, 0, 0, 1 | Size = 163840 bytes | Modified Date = 2/24/2003 4:35:12 PM | Attr =	]
dsentry.exe -> %SystemRoot%\SYSTEM32\DSentry.exe -> Dell - Advanced Desktop Engineering [Ver = 1, 0, 0, 0 | Size = 28672 bytes | Modified Date = 7/17/2002 11:18:06 AM | Attr =	]
directcd.exe -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe -> Roxio [Ver = 5.3.4.21 | Size = 684032 bytes | Modified Date = 12/17/2002 1:28:00 PM | Attr =	]
support.exe -> %CommonProgramFiles%\Dell\EUSW\Support.exe -> Dell [Ver = 2, 1, 1, 0 | Size = 323584 bytes | Modified Date = 5/27/2004 9:05:42 PM | Attr =	]
sm1bg.exe -> %SystemRoot%\SM1bg.exe -> Cypress Semiconductor [Ver = 6.01.1000.0  | Size = 94208 bytes | Modified Date = 8/27/2003 3:20:00 PM | Attr = R  ]
brastk.exe -> %SystemRoot%\SYSTEM32\brastk.exe ->  [Ver =  | Size = 10240 bytes | Modified Date = 10/23/2008 10:11:16 AM | Attr =	]
nclaunch.exe -> %SystemRoot%\NCLAUNCH.EXe -> Northern Codeworks [Ver = 1, 0, 0, 1591 | Size = 40960 bytes | Modified Date = 12/2/2003 7:00:57 PM | Attr =	]
i8kfangui.exe -> %ProgramFiles%\I8kfanGUI\I8kfanGUI.exe -> Christian Diefer [Ver = 2.2.0 | Size = 524288 bytes | Modified Date = 1/24/2004 10:26:44 AM | Attr =	]
qwdlls.exe -> %ProgramFiles%\QUICKENW\QWDLLS.EXE -> Intuit [Ver = 001.000.000.000 | Size = 36864 bytes | Modified Date = 7/31/2001 9:59:50 PM | Attr =	]
ubbmonitor.exe -> %ProgramFiles%\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe -> ArcSoft, Inc. [Ver = 1.0.0.6 | Size = 270336 bytes | Modified Date = 6/6/2007 11:35:02 AM | Attr =	]
wpc11cfg.exe -> %ProgramFiles%\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe -> Cisco-Linksys, LLC. [Ver = 2.1.0.4 | Size = 4784640 bytes | Modified Date = 11/14/2003 4:38:02 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe ->  [Ver = 2.41.000 | Size = 68096 bytes | Modified Date = 2/17/2005 10:55:52 PM | Attr =	]
(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr =	]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> File not found

[Driver Services - Non-Microsoft Only]
(Afc) PPdus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\afc.sys -> Arcsoft, Inc. [Ver = 1, 0, 0, 2 | Size = 11776 bytes | Modified Date = 2/23/2005 2:58:56 PM | Attr =	]
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys ->  [Ver =  | Size = 11000 bytes | Modified Date = 5/30/2007 8:10:42 AM | Attr =	]
(BWNDIS5) BWNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\BWNDIS5.SYS -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Justin\LOCALS~1\Temp\catchme.sys -> File not found
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %SystemRoot%\System32\drivers\cdr4_xp.sys -> Roxio [Ver = 6.2.0.132  | Size = 67024 bytes | Modified Date = 10/22/2003 9:15:02 PM | Attr =	]
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %SystemRoot%\System32\drivers\cdralw2k.sys -> Roxio [Ver = 6.2.0.132  | Size = 24698 bytes | Modified Date = 10/22/2003 9:15:02 PM | Attr =	]
(cdudf_xp) cdudf_xp [File_System | System | Running] -> %SystemRoot%\System32\drivers\cdudf_xp.sys -> Roxio [Ver = 5.3.4.21 built by: WinDDK | Size = 241152 bytes | Modified Date = 12/17/2002 1:27:32 PM | Attr =	]
(dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\Dvd_2k.sys -> Roxio [Ver = 5.3.4.59 | Size = 25898 bytes | Modified Date = 8/11/2003 11:27:30 AM | Attr =	]
(fanio) FanIO driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\fanio.sys -> CD [Ver = 1.5 built by: WinDDK | Size = 17792 bytes | Modified Date = 8/5/2003 5:18:35 PM | Attr =	]
(gpibclsb) GPIB Board Class Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\gpibclsb.sys -> File not found
(gpibclsd) GPIB Device Class Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\gpibclsd.sys -> File not found
(iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\wATV03nt.sys -> File not found
(lbrtfdc) TOSHIBA PCMCIA floppy controller driver (Type A) [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\lbrtfdc.sys -> Toshiba Corp. [Ver = Version 5.10.3 (xpsp.080413-2108) | Size = 34688 bytes | Modified Date = 4/13/2008 2:40:26 PM | Attr =	]
(LSWPCv4) Wireless-B Notebook Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\rtl8180.sys -> Realtek Semiconductor Corporation							[Ver = 5.158.1001.2003 built by: WinDDK | Size = 184832 bytes | Modified Date = 10/1/2003 10:54:46 AM | Attr =	]
(MaVctrl) MaVctrl [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\MaVc2K.sys -> Mobile Action Technology Inc. [Ver = 1, 1, 2, 1 | Size = 11473 bytes | Modified Date = 8/18/2005 11:44:44 AM | Attr =	]
(mmc_2K) mmc_2K [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\Mmc_2k.sys -> Roxio [Ver = 5.3.4.59 | Size = 30630 bytes | Modified Date = 8/11/2003 11:27:30 AM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 2:52:12 PM | Attr =	]
(PCANDIS5) PCANDIS5 Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\PCANDIS5.SYS -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.00.13.49 | Size = 16068 bytes | Modified Date = 10/15/2000 6:38:54 PM | Attr =	]
(Ptserial) W2K Pctel Serial Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ptserial.sys -> PCTEL, INC. [Ver = 2.50.47 | Size = 135292 bytes | Modified Date = 2/24/2003 4:30:02 PM | Attr =	]
(pwd_2k) pwd_2k [Kernel | System | Running] -> %SystemRoot%\System32\drivers\pwd_2K.sys -> Roxio [Ver = 5.3.4.59 | Size = 143834 bytes | Modified Date = 8/11/2003 11:27:30 AM | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 3:07:44 PM | Attr =	]
(Teefer) Teefer for NT [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Modified Date = 10/15/2004 6:17:02 PM | Attr =	]
(UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> %SystemRoot%\System32\drivers\udfreadr_xp.sys -> Roxio [Ver = 5.3.4.60 built by: WinDDK | Size = 206464 bytes | Modified Date = 8/11/2003 11:27:30 AM | Attr =	]
(Vmodem) W2k Vmodem [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\vmodem.sys -> PCTEL, INC. [Ver = 2.50.50 | Size = 690973 bytes | Modified Date = 5/30/2003 6:50:46 PM | Attr =	]
(Vpctcom) W2k Vpctcom [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\vpctcom.sys -> PCtel, Inc. [Ver = 2.50-9K | Size = 477403 bytes | Modified Date = 5/30/2003 7:45:16 PM | Attr =	]
(Vvoice) W2k Vvoice [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\vvoice.sys -> PCtel, Inc. [Ver = 3.53.00 | Size = 66111 bytes | Modified Date = 5/28/2003 1:08:12 PM | Attr =	]
(wg3n) SyGate for NT, wg3n [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:38 PM | Attr =	]
(wg4n) SyGate for NT, wg4n [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:40 PM | Attr =	]
(wg5n) SyGate for NT, wg5n [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:42 PM | Attr =	]
(wg6n) SyGate for NT, wg6n [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:44 PM | Attr =	]
(wpsdrvnt) wpsdrvnt [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Modified Date = 10/15/2004 6:18:46 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AdaptecDirectCD -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe ["C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"] -> Roxio [Ver = 5.3.4.21 | Size = 684032 bytes | Modified Date = 12/17/2002 1:28:00 PM | Attr =	]
Apoint -> %ProgramFiles%\Apoint\Apoint.exe [C:\Program Files\Apoint\Apoint.exe] -> Alps Electric Co., Ltd. [Ver = 5.4.101.113 | Size = 143360 bytes | Modified Date = 8/22/2002 8:28:14 PM | Attr =	]
AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 1, 0, 0 | Size = 111936 bytes | Modified Date = 9/3/2008 8:12:50 PM | Attr =	]
brastk -> %SystemRoot%\SYSTEM32\brastk.exe [C:\WINDOWS\system32\brastk.exe] ->  [Ver =  | Size = 10240 bytes | Modified Date = 10/23/2008 10:11:16 AM | Attr =	]
DVDSentry -> %SystemRoot%\SYSTEM32\DSentry.exe [C:\WINDOWS\System32\DSentry.exe] -> Dell - Advanced Desktop Engineering [Ver = 1, 0, 0, 0 | Size = 28672 bytes | Modified Date = 7/17/2002 11:18:06 AM | Attr =	]
DwlClient -> %CommonProgramFiles%\Dell\EUSW\Support.exe [C:\Program Files\Common Files\Dell\EUSW\Support.exe] -> Dell [Ver = 2, 1, 1, 0 | Size = 323584 bytes | Modified Date = 5/27/2004 9:05:42 PM | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 8.0.1.11 | Size = 289576 bytes | Modified Date = 10/1/2008 6:57:12 PM | Attr =	]
mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe ["C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey] -> McAfee, Inc. [Ver = 9,0,286,0 | Size = 641208 bytes | Modified Date = 7/11/2008 6:48:54 PM | Attr =	]
NvCplDaemon -> %SystemRoot%\SYSTEM32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.6742 | Size = 4632576 bytes | Modified Date = 10/26/2004 1:01:00 PM | Attr =	]
nwiz -> %SystemRoot%\SYSTEM32\nwiz.exe [nwiz.exe /installquiet] -> NVIDIA Corporation [Ver = 6.14.10.6742 | Size = 921600 bytes | Modified Date = 10/26/2004 1:01:00 PM | Attr =	]
PCTVOICE -> %SystemRoot%\SYSTEM32\pctspk.exe [pctspk.exe] ->  [Ver = 1, 0, 0, 1 | Size = 163840 bytes | Modified Date = 2/24/2003 4:35:12 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.5.5 (990.7) | Size = 413696 bytes | Modified Date = 9/6/2008 3:09:14 PM | Attr =	]
REGSHAVE -> %ProgramFiles%\REGSHAVE\Regshave.exe [C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN] -> FUJI PHOTO FILM CO., LTD. [Ver = 3.0.0.4 | Size = 53248 bytes | Modified Date = 2/4/2002 10:32:10 PM | Attr =	]
SM1BG -> %SystemRoot%\SM1bg.exe [C:\WINDOWS\SM1BG.EXE] -> Cypress Semiconductor [Ver = 6.01.1000.0  | Size = 94208 bytes | Modified Date = 8/27/2003 3:20:00 PM | Attr = R  ]
SmcService -> %ProgramFiles%\Sygate\SPF\Smc.exe [C:\PROGRA~1\Sygate\SPF\smc.exe -startgui] -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 5/16/2006 8:33:53 PM | Attr =	]
ZingSpooler -> %CommonProgramFiles%\Zing\ZingSpooler.exe [C:\Program Files\Common Files\Zing\ZingSpooler.exe] -> Sony Electronics Inc. [Ver = 4, 3, 2, 20802 | Size = 200704 bytes | Modified Date = 8/2/2002 4:39:32 PM | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
brastk -> %SystemRoot%\SYSTEM32\brastk.exe [C:\WINDOWS\system32\brastk.exe] ->  [Ver =  | Size = 10240 bytes | Modified Date = 10/23/2008 10:11:16 AM | Attr =	]
i8kfangui -> %ProgramFiles%\I8kfanGUI\I8kfanGUI.exe [C:\Program Files\I8kfanGUI\i8kfangui.exe /startup] -> Christian Diefer [Ver = 2.2.0 | Size = 524288 bytes | Modified Date = 1/24/2004 10:26:44 AM | Attr =	]
NCLaunch -> %SystemRoot%\NCLAUNCH.EXe [C:\WINDOWS\NCLAUNCH.EXe] -> Northern Codeworks [Ver = 1, 0, 0, 1591 | Size = 40960 bytes | Modified Date = 12/2/2003 7:00:57 PM | Attr =	]
< Run [HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\] > -> HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
brastk -> %SystemRoot%\SYSTEM32\brastk.exe [C:\WINDOWS\system32\brastk.exe] ->  [Ver =  | Size = 10240 bytes | Modified Date = 10/23/2008 10:11:16 AM | Attr =	]
i8kfangui -> %ProgramFiles%\I8kfanGUI\I8kfanGUI.exe [C:\Program Files\I8kfanGUI\i8kfangui.exe /startup] -> Christian Diefer [Ver = 2.2.0 | Size = 524288 bytes | Modified Date = 1/24/2004 10:26:44 AM | Attr =	]
NCLaunch -> %SystemRoot%\NCLAUNCH.EXe [C:\WINDOWS\NCLAUNCH.EXe] -> Northern Codeworks [Ver = 1, 0, 0, 1591 | Size = 40960 bytes | Modified Date = 12/2/2003 7:00:57 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 4:06:48 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 11:05:26 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Billminder.lnk -> %ProgramFiles%\QUICKENW\BILLMIND.EXE -> Intuit [Ver = 008.000.000.000 | Size = 36864 bytes | Modified Date = 7/31/2001 9:59:20 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Quicken Startup.lnk -> %ProgramFiles%\QUICKENW\QWDLLS.EXE -> Intuit [Ver = 001.000.000.000 | Size = 36864 bytes | Modified Date = 7/31/2001 9:59:50 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk -> %ProgramFiles%\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe -> ArcSoft, Inc. [Ver = 1.0.0.6 | Size = 270336 bytes | Modified Date = 6/6/2007 11:35:02 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Wireless-B Notebook Adapter Utility.lnk -> %ProgramFiles%\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe -> Cisco-Linksys, LLC. [Ver = 2.1.0.4 | Size = 4784640 bytes | Modified Date = 11/14/2003 4:38:02 AM | Attr =	]
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Justin Startup Folder > -> C:\Documents and Settings\Justin\Start Menu\Programs\Startup -> 
< Tammy Startup Folder > -> C:\Documents and Settings\Tammy\Start Menu\Programs\Startup -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 8:29:58 AM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 8:12:19 PM | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\SYSTEM32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 8:12:38 PM | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\SYSTEM32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 8:12:24 PM | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\SYSTEM32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\SYSTEM32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 8:12:41 PM | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007] > -> HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007] > -> HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> 
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\SYSTEM32\DRIVERS\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 2:40:46 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< Drives with AutoRun files > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 9/3/2002 9:59:58 AM | Attr =  HS]
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
127.0.0.1	   localhost
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.comcast.net/ -> 
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 10:09:00 AM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://www.dellnet.com -> 
HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://www.dellnet.com -> 
HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\] > -> -> 
HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\: Main\\Search Page -> http://www.google.com -> 
HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\: Main\\Start Page -> http://www.comcast.net/ -> 
HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\: Search\\SearchAssistant -> http://www.google.com -> 
HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 10:09:00 AM | Attr =	]
HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\: ProxyEnable -> 0 -> 
HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
  .[msn] -> My Computer -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\] > -> HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
  .[msn] -> My Computer -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\] > -> HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\] > -> HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R  ]
{40D41A8B-D79B-43d7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 1/1/2005 3:12:20 PM | Attr =	]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 10:09:00 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R  ]
WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 10:09:00 AM | Attr =	]
WebBrowser\\{F5735C15-1FB2-41FE-BA12-242757E69DDE} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\] > -> HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R  ]
WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 10:09:00 AM | Attr =	]
WebBrowser\\{F5735C15-1FB2-41FE-BA12-242757E69DDE} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 2, 14 | Size = 1562960 bytes | Modified Date = 9/15/2008 2:25:44 PM | Attr = RHS]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
{3759252A-7748-4DBE-AD87-AE8CE8D244D6}\\ButtonText [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{3759252A-7748-4DBE-AD87-AE8CE8D244D6}\\CLSID [HKEY_LOCAL_MACHINE] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found
{3759252A-7748-4DBE-AD87-AE8CE8D244D6}\\Default Visible [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{3759252A-7748-4DBE-AD87-AE8CE8D244D6}\\Exec [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{3759252A-7748-4DBE-AD87-AE8CE8D244D6}\\HotIcon [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{3759252A-7748-4DBE-AD87-AE8CE8D244D6}\\Icon [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{B79A9CFB-D5BB-4268-817A-592369A3E917}\\ButtonText [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{B79A9CFB-D5BB-4268-817A-592369A3E917}\\CLSID [HKEY_LOCAL_MACHINE] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found
{B79A9CFB-D5BB-4268-817A-592369A3E917}\\Default Visible [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{B79A9CFB-D5BB-4268-817A-592369A3E917}\\Exec [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{B79A9CFB-D5BB-4268-817A-592369A3E917}\\HotIcon [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{B79A9CFB-D5BB-4268-817A-592369A3E917}\\Icon [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{B9C1644D-47B6-405D-9EB2-9DED17903595}\\ButtonText [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{B9C1644D-47B6-405D-9EB2-9DED17903595}\\CLSID [HKEY_LOCAL_MACHINE] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found
{B9C1644D-47B6-405D-9EB2-9DED17903595}\\Default Visible [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{B9C1644D-47B6-405D-9EB2-9DED17903595}\\Exec [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{B9C1644D-47B6-405D-9EB2-9DED17903595}\\HotIcon [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{B9C1644D-47B6-405D-9EB2-9DED17903595}\\Icon [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{1FCAD22D-3FC8-4811-A247-9EBA202F01CE} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{3759252A-7748-4DBE-AD87-AE8CE8D244D6} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{7B9AA385-667F-44ff-8594-0319270C21D9} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{B79A9CFB-D5BB-4268-817A-592369A3E917} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{B9C1644D-47B6-405D-9EB2-9DED17903595} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Google Search -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R  ]
&Translate English Word -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R  ]
Backward Links -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R  ]
Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R  ]
Similar Pages -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R  ]
Translate Page into English -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R  ]
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\] > -> HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\Software\Microsoft\Internet Explorer\Extensions\ -> 
{3759252A-7748-4DBE-AD87-AE8CE8D244D6}\\ButtonText [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{3759252A-7748-4DBE-AD87-AE8CE8D244D6}\\CLSID [HKEY_LOCAL_MACHINE] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found
{3759252A-7748-4DBE-AD87-AE8CE8D244D6}\\Default Visible [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{3759252A-7748-4DBE-AD87-AE8CE8D244D6}\\Exec [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{3759252A-7748-4DBE-AD87-AE8CE8D244D6}\\HotIcon [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{3759252A-7748-4DBE-AD87-AE8CE8D244D6}\\Icon [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{B79A9CFB-D5BB-4268-817A-592369A3E917}\\ButtonText [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{B79A9CFB-D5BB-4268-817A-592369A3E917}\\CLSID [HKEY_LOCAL_MACHINE] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found
{B79A9CFB-D5BB-4268-817A-592369A3E917}\\Default Visible [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{B79A9CFB-D5BB-4268-817A-592369A3E917}\\Exec [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{B79A9CFB-D5BB-4268-817A-592369A3E917}\\HotIcon [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{B79A9CFB-D5BB-4268-817A-592369A3E917}\\Icon [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{B9C1644D-47B6-405D-9EB2-9DED17903595}\\ButtonText [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{B9C1644D-47B6-405D-9EB2-9DED17903595}\\CLSID [HKEY_LOCAL_MACHINE] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found
{B9C1644D-47B6-405D-9EB2-9DED17903595}\\Default Visible [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{B9C1644D-47B6-405D-9EB2-9DED17903595}\\Exec [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{B9C1644D-47B6-405D-9EB2-9DED17903595}\\HotIcon [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{B9C1644D-47B6-405D-9EB2-9DED17903595}\\Icon [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{1FCAD22D-3FC8-4811-A247-9EBA202F01CE} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{3759252A-7748-4DBE-AD87-AE8CE8D244D6} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{7B9AA385-667F-44ff-8594-0319270C21D9} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{B79A9CFB-D5BB-4268-817A-592369A3E917} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{B9C1644D-47B6-405D-9EB2-9DED17903595} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\] > -> HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Google Search -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R  ]
&Translate English Word -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R  ]
Backward Links -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R  ]
Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R  ]
Similar Pages -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R  ]
Translate Page into English -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R  ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{7E62E977-1F1A-47B7-8B2B-38869191DD8C} ->	(Broadcom 440x 10/100 Integrated Controller) -> 
{825DE767-FDB2-408B-9420-942E14769851} ->	(1394 Net Adapter) -> 
{FE7A2ED4-ED08-4D81-8428-FD119B357A41} ->	(Wireless-B Notebook Adapter) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,5,11 | Size = 147456 bytes | Modified Date = 8/29/2008 9:53:50 AM | Attr =	]
< Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?LinkID=39204[Windows Genuine Advantage Validation Tool] -> 
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab[McAfee.com Operating System Class] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191626053394[WUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/website.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/website.dll\\.Owner -> {7AA32FC7-133B-4AE7-998E-CED0D9829B12} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/website.dll\\{7AA32FC7-133B-4AE7-998E-CED0D9829B12} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\.Owner -> {5ED80217-570B-4DA9-BF44-BE107C0EC166} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\{5ED80217-570B-4DA9-BF44-BE107C0EC166} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuctl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuctl.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuctl.dll\\{9F1C11AA-197B-4942-BA54-47A8489BB47F} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuengine.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuengine.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/unicows.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/unicows.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/wuweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/wuweb.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 8:12:00 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 4/13/2008 8:11:56 PM | Attr =	]
msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 8:12:00 PM | Attr =	]
schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr =	]
wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 4/13/2008 8:12:08 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\SYSTEM32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 4/13/2008 8:12:02 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 27 5B AB 34 27 69 18 B8 27 C6 ED E3 A1 1C 87 6B 33 33 61 33 34 63 30 30 00 00 00 00 01 00 00 00 B4 01 00 00 B8 01 00 00 34 CA 06 00 45 9D BF 71 04 00 00 00 10 00 00 00 00 00 00 00 EC 86 18 49  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 54 3C 80 C1 AD BA ED 7E 86  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> B6 9F 51 7B 6D 07  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 40 84 73 70 CB E8 2F C6 84 40 91 D3 70 D2 62 F1  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 30 AA 9A 85 F5 24 C9 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 8:12:36 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 30729 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 2:53:32 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 8:12:34 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\network diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [C:\WINDOWS\network diagnostic\xpnetdiag.exe:*:Enabled:Network Diagnostic for Windows XP] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 2:53:32 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 2:53:32 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> BitTorrent, Inc. [Ver = 1.8.1.12639 | Size = 270128 bytes | Modified Date = 10/9/2008 1:23:19 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,5,11 | Size = 238888 bytes | Modified Date = 8/29/2008 10:18:44 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> McAfee, Inc. [Ver = 3,0,193,0 | Size = 2482848 bytes | Modified Date = 7/18/2008 8:02:52 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 8:12:34 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 8.0.1.11 | Size = 14258472 bytes | Modified Date = 10/1/2008 6:57:04 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{97D249FD-CC53-4DC9-B24B-5F1CEA6F1B7F} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{0FB45A73-DA56-4F4B-BAFC-0ABCFF970E44} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{7D86DFA4-7289-4133-B5DC-520665F92E4D} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{67FDCA0D-8703-42DB-8911-70BCD3E13F6F} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{C9D518F0-BC44-4E80-9EAB-F0925AAD951D} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\SYSTEM32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 8:12:36 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\SYSTEM32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/13/2008 8:12:11 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial -> 0 -> 


[Files/Folders - Created Within 30 days]
brastk.exe -> %SystemRoot%\System32\brastk.exe ->  [Ver =  | Size = 10240 bytes | Created Date = 10/23/2008 10:11:16 AM | Attr =	]
en -> %SystemRoot%\System32\en ->  [Folder | Created Date = 10/2/2008 5:03:53 PM | Attr =	]
7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
scripting -> %SystemRoot%\System32\scripting ->  [Folder | Created Date = 10/2/2008 5:03:59 PM | Attr =	]
Thru -> %SystemRoot%\System32\Thru ->  [Folder | Created Date = 10/21/2008 9:48:39 PM | Attr =	]
wini101952.exe -> %SystemRoot%\System32\wini101952.exe ->  [Ver = 1, 0, 0, 1 | Size = 60578 bytes | Created Date = 10/26/2008 2:43:56 PM | Attr =	]
l2schemas -> %SystemRoot%\l2schemas ->  [Folder | Created Date = 10/2/2008 5:03:54 PM | Attr =	]
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
LastGood -> %SystemRoot%\LastGood ->  [Folder | Created Date = 10/26/2008 7:41:03 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 10/2/2008 9:16:19 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> %AllUsersProfile%\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} ->  [Folder | Created Date = 10/13/2008 12:16:30 PM | Attr =	]
Oberon Media -> %UserProfile%\My Documents\Oberon Media ->  [Folder | Created Date = 9/27/2008 2:31:13 PM | Attr =	]
iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk ->  [Ver =  | Size = 2137 bytes | Created Date = 10/13/2008 12:18:34 PM | Attr =	]
Ad-Aware.lnk -> %UserProfile%\Desktop\Ad-Aware.lnk ->  [Ver =  | Size = 811 bytes | Created Date = 10/23/2008 2:59:33 PM | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 10/27/2008 9:12:17 AM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Created Date = 10/27/2008 9:06:28 AM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 10/23/2008 2:58:50 PM | Attr =	]
AntiSpywareXP2009 -> %ProgramFiles%\AntiSpywareXP2009 ->  [Folder | Created Date = 10/26/2008 2:44:30 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 804564992 bytes | Modified Date = 10/26/2008 2:27:47 PM | Attr =  HS]
3 C:\*.tmp files -> C:\*.tmp -> 
NTLDR -> %SystemDrive%\NTLDR ->  [Ver =  | Size = 250048 bytes | Modified Date = 10/2/2008 4:51:46 PM | Attr = RHS]
7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
brastk.exe -> %SystemRoot%\System32\brastk.exe ->  [Ver =  | Size = 10240 bytes | Modified Date = 10/23/2008 10:11:16 AM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 180240 bytes | Modified Date = 10/17/2008 3:14:35 AM | Attr =	]
nvapps.xml -> %SystemRoot%\System32\nvapps.xml ->  [Ver =  | Size = 17112 bytes | Modified Date = 10/26/2008 2:40:22 PM | Attr =	]
nvModes.001 -> %SystemRoot%\System32\nvModes.001 ->  [Ver =  | Size = 17192 bytes | Modified Date = 10/26/2008 2:40:21 PM | Attr =	]
nvModes.dat -> %SystemRoot%\System32\nvModes.dat ->  [Ver =  | Size = 17192 bytes | Modified Date = 10/10/2008 12:47:18 PM | Attr =	]
PERFC009.DAT -> %SystemRoot%\System32\PERFC009.DAT ->  [Ver =  | Size = 53166 bytes | Modified Date = 10/2/2008 9:21:31 PM | Attr =	]
PERFH009.DAT -> %SystemRoot%\System32\PERFH009.DAT ->  [Ver =  | Size = 380918 bytes | Modified Date = 10/2/2008 9:21:31 PM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 439558 bytes | Modified Date = 10/2/2008 9:21:30 PM | Attr =	]
wini101952.exe -> %SystemRoot%\System32\wini101952.exe ->  [Ver = 1, 0, 0, 1 | Size = 60578 bytes | Modified Date = 10/26/2008 2:43:56 PM | Attr =	]
WPA.DBL -> %SystemRoot%\System32\WPA.DBL ->  [Ver =  | Size = 1170 bytes | Modified Date = 10/26/2008 2:39:16 PM | Attr =	]
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT ->  [Ver =  | Size = 2048 bytes | Modified Date = 10/26/2008 2:27:50 PM | Attr =   S]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1393 bytes | Modified Date = 10/17/2008 3:07:21 AM | Attr =	]
QUICKEN.INI -> %SystemRoot%\QUICKEN.INI ->  [Ver =  | Size = 1382 bytes | Modified Date = 10/24/2008 10:39:55 AM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 10/23/2008 10:33:04 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 10/26/2008 2:28:04 PM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 8/14/2003 7:47:36 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 10/27/2008 3:01:24 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4646 bytes | Modified Date = 10/27/2008 3:01:24 AM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data ->  [Folder | Modified Date = 8/20/2003 10:25:22 PM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 3804 bytes | Modified Date = 9/28/2003 10:38:27 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 143872 bytes | Modified Date = 10/17/2008 7:16:31 PM | Attr =	]
iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk ->  [Ver =  | Size = 2137 bytes | Modified Date = 10/24/2008 7:25:45 PM | Attr =	]
Ad-Aware.lnk -> %UserProfile%\Desktop\Ad-Aware.lnk ->  [Ver =  | Size = 811 bytes | Modified Date = 10/23/2008 2:59:33 PM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Modified Date = 10/27/2008 9:06:29 AM | Attr =	]

[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
Application Data -> C:\Documents and Settings\All Users\Application Data ->  [Folder | Modified Date = 10/13/2008 12:16:30 PM | Attr = RH ]
{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} ->  [Folder | Modified Date = 10/13/2008 12:17:30 PM | Attr =	]
Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe ->  [Folder | Modified Date = 9/16/2008 9:38:08 PM | Attr =	]
Apple -> C:\Documents and Settings\All Users\Application Data\Apple ->  [Folder | Modified Date = 7/29/2007 9:33:37 AM | Attr =	]
Apple Computer -> C:\Documents and Settings\All Users\Application Data\Apple Computer ->  [Folder | Modified Date = 10/14/2006 7:25:39 PM | Attr =	]
Autodesk -> C:\Documents and Settings\All Users\Application Data\Autodesk ->  [Folder | Modified Date = 8/29/2007 9:58:00 PM | Attr =	]
Dell -> C:\Documents and Settings\All Users\Application Data\Dell ->  [Folder | Modified Date = 1/10/2005 12:02:28 AM | Attr =	]
Grisoft -> C:\Documents and Settings\All Users\Application Data\Grisoft ->  [Folder | Modified Date = 9/10/2007 8:04:17 PM | Attr =	]
Kaspersky Lab -> C:\Documents and Settings\All Users\Application Data\Kaspersky Lab ->  [Folder | Modified Date = 9/19/2007 7:50:58 PM | Attr =	]
Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft ->  [Folder | Modified Date = 10/23/2008 2:57:24 PM | Attr =	]
Macrovision -> C:\Documents and Settings\All Users\Application Data\Macrovision ->  [Folder | Modified Date = 10/20/2004 8:19:49 PM | Attr =	]
McAfee -> C:\Documents and Settings\All Users\Application Data\McAfee ->  [Folder | Modified Date = 10/2/2008 5:06:05 PM | Attr =	]
McAfee.com -> C:\Documents and Settings\All Users\Application Data\McAfee.com ->  [Folder | Modified Date = 8/5/2006 7:51:11 AM | Attr =	]
Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft ->  [Folder | Modified Date = 10/19/2004 9:19:27 PM | Attr =   S]
MSN6 -> C:\Documents and Settings\All Users\Application Data\MSN6 ->  [Folder | Modified Date = 4/25/2005 10:02:55 AM | Attr =	]
Napster -> C:\Documents and Settings\All Users\Application Data\Napster ->  [Folder | Modified Date = 1/8/2005 2:35:33 PM | Attr =	]
nView_Profiles -> C:\Documents and Settings\All Users\Application Data\nView_Profiles ->  [Folder | Modified Date = 2/2/2005 10:39:54 PM | Attr =	]
QuickTime -> C:\Documents and Settings\All Users\Application Data\QuickTime ->  [Folder | Modified Date = 8/11/2003 11:15:27 AM | Attr =	]
SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI ->  [Folder | Modified Date = 8/11/2003 11:03:51 AM | Attr =	]
Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 9/21/2008 12:13:10 PM | Attr =	]
Support.com -> C:\Documents and Settings\All Users\Application Data\Support.com ->  [Folder | Modified Date = 6/26/2005 12:01:35 PM | Attr =	]
SupportSoft -> C:\Documents and Settings\All Users\Application Data\SupportSoft ->  [Folder | Modified Date = 8/25/2007 8:17:13 AM | Attr =	]
Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint ->  [Folder | Modified Date = 11/15/2006 9:59:05 PM | Attr =	]
Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage ->  [Folder | Modified Date = 7/12/2006 5:48:09 AM | Attr =	]
Yahoo! Companion -> C:\Documents and Settings\All Users\Application Data\Yahoo! Companion ->  [Folder | Modified Date = 9/16/2006 9:43:59 PM | Attr =	]
Application Data -> C:\Documents and Settings\Default User\Application Data ->  [Folder | Modified Date = 8/11/2003 11:22:11 AM | Attr = RH ]
Identities -> C:\Documents and Settings\Default User\Application Data\Identities ->  [Folder | Modified Date = 8/11/2003 10:31:14 AM | Attr =	]
Microsoft -> C:\Documents and Settings\Default User\Application Data\Microsoft ->  [Folder | Modified Date = 8/11/2003 11:07:25 AM | Attr =   S]
Real -> C:\Documents and Settings\Default User\Application Data\Real ->  [Folder | Modified Date = 8/11/2003 11:22:24 AM | Attr =	]
Application Data -> C:\Documents and Settings\Justin\Application Data ->  [Folder | Modified Date = 9/16/2008 3:25:31 PM | Attr = RH ]
Adobe -> C:\Documents and Settings\Justin\Application Data\Adobe ->  [Folder | Modified Date = 9/16/2008 9:38:08 PM | Attr =	]
AdobeUM -> C:\Documents and Settings\Justin\Application Data\AdobeUM ->  [Folder | Modified Date = 3/31/2007 6:46:17 PM | Attr =	]
Aim -> C:\Documents and Settings\Justin\Application Data\Aim ->  [Folder | Modified Date = 6/29/2007 10:47:57 AM | Attr =	]
Apple Computer -> C:\Documents and Settings\Justin\Application Data\Apple Computer ->  [Folder | Modified Date = 4/13/2008 6:22:30 PM | Attr =	]
ArcSoft -> C:\Documents and Settings\Justin\Application Data\ArcSoft ->  [Folder | Modified Date = 9/16/2008 3:25:55 PM | Attr =	]
Autodesk -> C:\Documents and Settings\Justin\Application Data\Autodesk ->  [Folder | Modified Date = 1/17/2005 7:12:06 PM | Attr =	]
dvdcss -> C:\Documents and Settings\Justin\Application Data\dvdcss ->  [Folder | Modified Date = 5/17/2008 1:24:28 PM | Attr =	]
eMusic -> C:\Documents and Settings\Justin\Application Data\eMusic ->  [Folder | Modified Date = 10/10/2007 5:30:05 PM | Attr =	]
FUJIFILM -> C:\Documents and Settings\Justin\Application Data\FUJIFILM ->  [Folder | Modified Date = 9/1/2003 6:18:55 PM | Attr =	]
funkitron -> C:\Documents and Settings\Justin\Application Data\funkitron ->  [Folder | Modified Date = 6/23/2006 6:19:18 PM | Attr =	]
Google -> C:\Documents and Settings\Justin\Application Data\Google ->  [Folder | Modified Date = 5/16/2006 8:49:37 PM | Attr =	]
Grisoft -> C:\Documents and Settings\Justin\Application Data\Grisoft ->  [Folder | Modified Date = 9/10/2007 8:04:43 PM | Attr =	]
Help -> C:\Documents and Settings\Justin\Application Data\Help ->  [Folder | Modified Date = 11/14/2003 12:57:51 AM | Attr =	]
Identities -> C:\Documents and Settings\Justin\Application Data\Identities ->  [Folder | Modified Date = 8/11/2003 10:31:14 AM | Attr =	]
InterVideo -> C:\Documents and Settings\Justin\Application Data\InterVideo ->  [Folder | Modified Date = 8/14/2003 7:59:47 PM | Attr =	]
Macromedia -> C:\Documents and Settings\Justin\Application Data\Macromedia ->  [Folder | Modified Date = 1/18/2006 10:46:54 PM | Attr =	]
MathWorks -> C:\Documents and Settings\Justin\Application Data\MathWorks ->  [Folder | Modified Date = 12/31/2003 12:56:40 AM | Attr =	]
McAfee.com -> C:\Documents and Settings\Justin\Application Data\McAfee.com ->  [Folder | Modified Date = 1/8/2005 1:57:28 PM | Attr =	]
Microsoft -> C:\Documents and Settings\Justin\Application Data\Microsoft ->  [Folder | Modified Date = 2/27/2007 11:45:23 AM | Attr =   S]
MobileAction -> C:\Documents and Settings\Justin\Application Data\MobileAction ->  [Folder | Modified Date = 9/10/2006 6:16:25 PM | Attr =	]
Mozilla -> C:\Documents and Settings\Justin\Application Data\Mozilla ->  [Folder | Modified Date = 10/10/2007 5:30:07 PM | Attr =	]
MSN6 -> C:\Documents and Settings\Justin\Application Data\MSN6 ->  [Folder | Modified Date = 4/12/2007 9:56:40 AM | Attr =	]
Neo-Modus.com -> C:\Documents and Settings\Justin\Application Data\Neo-Modus.com ->  [Folder | Modified Date = 12/21/2003 8:56:36 PM | Attr =	]
Real -> C:\Documents and Settings\Justin\Application Data\Real ->  [Folder | Modified Date = 7/26/2004 12:13:10 AM | Attr =	]
Roxio -> C:\Documents and Settings\Justin\Application Data\Roxio ->  [Folder | Modified Date = 8/24/2003 10:04:15 PM | Attr =	]
Snapfish -> C:\Documents and Settings\Justin\Application Data\Snapfish ->  [Folder | Modified Date = 12/23/2007 4:48:59 PM | Attr =	]
Sun -> C:\Documents and Settings\Justin\Application Data\Sun ->  [Folder | Modified Date = 2/15/2007 7:20:52 PM | Attr =	]
UnH Solutions -> C:\Documents and Settings\Justin\Application Data\UnH Solutions ->  [Folder | Modified Date = 1/20/2004 11:02:38 PM | Attr =	]
uTorrent -> C:\Documents and Settings\Justin\Application Data\uTorrent ->  [Folder | Modified Date = 10/22/2008 7:45:27 PM | Attr =	]
Viewpoint -> C:\Documents and Settings\Justin\Application Data\Viewpoint ->  [Folder | Modified Date = 4/8/2007 1:36:29 PM | Attr =	]
Application Data -> C:\Documents and Settings\LocalService\Application Data ->  [Folder | Modified Date = 3/10/2004 10:11:02 PM | Attr =	]
Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe ->  [Folder | Modified Date = 10/20/2005 7:31:59 AM | Attr =	]
Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia ->  [Folder | Modified Date = 3/10/2004 10:11:02 PM | Attr =	]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft ->  [Folder | Modified Date = 8/11/2003 10:31:14 AM | Attr =   S]
Application Data -> C:\Documents and Settings\NetworkService\Application Data ->  [Folder | Modified Date = 8/11/2003 10:31:14 AM | Attr =	]
Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe ->  [Folder | Modified Date = 5/18/2008 3:07:58 PM | Attr =	]
Macromedia -> C:\Documents and Settings\NetworkService\Application Data\Macromedia ->  [Folder | Modified Date = 5/18/2008 3:07:58 PM | Attr =	]
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft ->  [Folder | Modified Date = 8/11/2003 10:31:14 AM | Attr =   S]
Application Data -> C:\Documents and Settings\Tammy\Application Data ->  [Folder | Modified Date = 1/1/2005 3:10:17 PM | Attr = RH ]
Aim -> C:\Documents and Settings\Tammy\Application Data\Aim ->  [Folder | Modified Date = 12/30/2004 2:40:13 PM | Attr =	]
Autodesk -> C:\Documents and Settings\Tammy\Application Data\Autodesk ->  [Folder | Modified Date = 10/20/2004 8:40:39 PM | Attr =	]
Help -> C:\Documents and Settings\Tammy\Application Data\Help ->  [Folder | Modified Date = 10/20/2004 8:18:26 PM | Attr =	]
Identities -> C:\Documents and Settings\Tammy\Application Data\Identities ->  [Folder | Modified Date = 8/11/2003 10:31:14 AM | Attr =	]
Macromedia -> C:\Documents and Settings\Tammy\Application Data\Macromedia ->  [Folder | Modified Date = 10/19/2004 9:21:37 PM | Attr =	]
McAfee.com -> C:\Documents and Settings\Tammy\Application Data\McAfee.com ->  [Folder | Modified Date = 11/13/2004 4:41:38 PM | Attr =	]
Microsoft -> C:\Documents and Settings\Tammy\Application Data\Microsoft ->  [Folder | Modified Date = 12/27/2004 5:12:30 PM | Attr =   S]
Real -> C:\Documents and Settings\Tammy\Application Data\Real ->  [Folder | Modified Date = 8/11/2003 11:22:24 AM | Attr =	]
WeatherBug -> C:\Documents and Settings\Tammy\Application Data\WeatherBug ->  [Folder | Modified Date = 1/1/2005 3:10:20 PM | Attr =	]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks ->  [Folder | Modified Date = 8/9/2008 5:36:13 PM | Attr =   S]
AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 10/23/2008 10:33:04 PM | Attr =	]
DESKTOP.INI -> C:\WINDOWS\Tasks\DESKTOP.INI ->  [Ver =  | Size = 65 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = RH ]
McDefragTask.job -> C:\WINDOWS\Tasks\McDefragTask.job ->  [Ver =  | Size = 266 bytes | Modified Date = 9/15/2008 1:12:46 AM | Attr =	]
McQcTask.job -> C:\WINDOWS\Tasks\McQcTask.job ->  [Ver =  | Size = 358 bytes | Modified Date = 8/1/2008 1:00:25 AM | Attr =	]
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 10/26/2008 2:28:04 PM | Attr =  H ]
[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\ShellNew\Thumbs.db:encryptable 0 bytes
C:\WINDOWS\Web\Thumbs.db:encryptable 0 bytes
C:\WINDOWS\SYSTEM32\Thumbs.db:encryptable 0 bytes
C:\WINDOWS\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\Justin\Desktop\BRENTON\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Justin\Desktop\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Justin\Favorites\3VOOR12 - Home.url:favicon 894 bytes
C:\Documents and Settings\Justin\Favorites\BIGSTEREO.url:favicon 1406 bytes
C:\Documents and Settings\Justin\Favorites\Black Metal Radio  Main.url:favicon 25214 bytes
C:\Documents and Settings\Justin\Favorites\Cell Phones,Cellular Phone Plans,Prepaid Cell Phones,Free Cell Phones & Deals - Stick Together with T-Mobile.url:favicon 1406 bytes
C:\Documents and Settings\Justin\Favorites\Highsnobiety - Online Lifestyle Magazine.url:favicon 3262 bytes
C:\Documents and Settings\Justin\Favorites\IHEARTCOMIX!.url:favicon 3638 bytes
C:\Documents and Settings\Justin\Favorites\Instructions for Form 2106 (2006).url:favicon 3638 bytes
C:\Documents and Settings\Justin\Favorites\isoHunt - the BitTorrent and P2P search engine.url:favicon 894 bytes
C:\Documents and Settings\Justin\Favorites\Music Videos, Songs, Internet Radio, Free Music Downloads - AOL Music.url:favicon 2862 bytes
C:\Documents and Settings\Justin\Favorites\Richmond Movie Palace - The Byrd Theatre.url:favicon 1406 bytes
C:\Documents and Settings\Justin\Favorites\targetREDcard.url:favicon 1406 bytes
C:\Documents and Settings\Justin\Favorites\Video Game Cheats - Video Game Reviews - Video Game Codes - Video Game Web Site - GameFAQs.url:favicon 1406 bytes
C:\Documents and Settings\Justin\Favorites\Wachovia - Personal Finance and Business Financial Services.url:favicon 7406 bytes
C:\Documents and Settings\Justin\Favorites\Encyclopaedia Metallum The Metal Archives.url:favicon 1150 bytes
C:\Documents and Settings\Justin\Favorites\FitnessAV.ca.url:favicon 1406 bytes
C:\Documents and Settings\Justin\Favorites\Netflix.url:favicon 318 bytes
C:\Documents and Settings\Justin\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Justin\My Documents\PORTFOLIO\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Justin\My Documents\IIDA\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Justin\My Documents\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Justin\My Documents\Adobe Photoshop CS 8.0\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Justin\My Documents\RESUME\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 108

< End of report >




thank you again :thumbsup:

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:04 AM

Posted 27 October 2008 - 07:17 PM

Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Processes - Non-Microsoft Only]
YY -> brastk.exe -> %SystemRoot%\SYSTEM32\brastk.exe
[Win32 Services - Non-Microsoft Only]
YY -> (Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> brastk -> %SystemRoot%\SYSTEM32\brastk.exe [C:\WINDOWS\system32\brastk.exe]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> brastk -> %SystemRoot%\SYSTEM32\brastk.exe [C:\WINDOWS\system32\brastk.exe]
< Run [HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\] > -> HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> brastk -> %SystemRoot%\SYSTEM32\brastk.exe [C:\WINDOWS\system32\brastk.exe]
[Files/Folders - Created Within 30 days]
NY -> brastk.exe -> %SystemRoot%\System32\brastk.exe
NY -> wini101952.exe -> %SystemRoot%\System32\wini101952.exe
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> AntiSpywareXP2009 -> %ProgramFiles%\AntiSpywareXP2009
[Files/Folders - Modified Within 30 days]
NY -> brastk.exe -> %SystemRoot%\System32\brastk.exe
NY -> wini101952.exe -> %SystemRoot%\System32\wini101952.exe
[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
NY -> Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint
NY -> Viewpoint -> C:\Documents and Settings\Justin\Application Data\Viewpoint
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed either a message box will pop up telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and Notepad will open with the final results at that time. Post that information back here.
I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
===========================================
Then:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.


#5 tigerthunder


Posted 27 October 2008 - 08:51 PM

Thank you for your help.

Here is the first step you gave me; it did need to reboot.


Explorer killed successfully
[Processes - Non-Microsoft Only]
Unable to kill process brastk.exe .
File move failed. C:\WINDOWS\SYSTEM32\brastk.exe scheduled to be moved on reboot.
[Win32 Services - Non-Microsoft Only]
Service Viewpoint Manager Service stopped successfully.
Service Viewpoint Manager Service deleted successfully.
File C:\Program Files\Viewpoint\Common\ViewpointService.exe not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\brastk not found.
File C:\WINDOWS\SYSTEM32\brastk.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\brastk deleted successfully.
File C:\WINDOWS\SYSTEM32\brastk.exe not found.
Registry value HKEY_USERS\S-1-5-21-3116537725-3288457316-862592467-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\brastk not found.
File C:\WINDOWS\SYSTEM32\brastk.exe not found.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\brastk.exe not found!
File move failed. C:\WINDOWS\System32\wini101952.exe scheduled to be moved on reboot.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT folder moved successfully.
Folder move failed. C:\Program Files\AntiSpywareXP2009 scheduled to be moved on reboot.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\brastk.exe not found!
File move failed. C:\WINDOWS\System32\wini101952.exe scheduled to be moved on reboot.
[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\ViewpointManager\contents folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\ViewpointManager folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\Justin\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\Justin\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\Justin\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\Justin\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\Justin\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
C:\Documents and Settings\Justin\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
C:\Documents and Settings\Justin\Application Data\Viewpoint folder moved successfully.
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcmsc_54iUjpPzvHnlF8S scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_iwj7JMIhPKxkO33 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_oDUQzljV5ibI3WZ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV187.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 10272008_213714

Files moved on Reboot...
File C:\WINDOWS\SYSTEM32\brastk.exe not found!
File C:\WINDOWS\System32\wini101952.exe not found!
C:\Program Files\AntiSpywareXP2009 folder moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\mcmsc_54iUjpPzvHnlF8S not found!
File C:\WINDOWS\temp\mcmsc_iwj7JMIhPKxkO33 not found!
C:\WINDOWS\temp\mcmsc_oDUQzljV5ibI3WZ moved successfully.
C:\WINDOWS\temp\WFV187.tmp moved successfully.


second step coming soon

:thumbsup:

#6 tigerthunder


Posted 27 October 2008 - 08:59 PM

"Malwarebytes' Anti-Malware" will not run (or open at all); it keeps giving me runtime errors "0" and "440", so no luck with step two.

#7 kahdah


Posted 27 October 2008 - 09:02 PM

Ok try this one instead:

Please download SUPERAntiSpyware Home Edition (free version).
Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
      • Close browsers before scanning
      • Scan for tracking cookies
      • Scan for Alternate Data streams
      • Terminate memory threats before quarantining.
  • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
Then run Superantispyware.
  • Double click on the icon to start Superantispyware.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
1. After reboot, double-click the SUPERAntispyware icon on your desktop.
2. Click Preferences. Click the Statistics/Logs tab.
3. Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
4. It will open in your default text editor (such as Notepad/Wordpad).
5. Please highlight everything in the notepad, then right-click and choose copy.
6. Click close and close again to exit the program.
Save the log information. If needed (still infected) paste this info along with your HijackThis log.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#8 tigerthunder


Posted 28 October 2008 - 07:19 PM

Everything seems good now; the bubble is gone. Here are the log files just in case.

Another quick question: I now have two icons on my desktop, desktop.ini & thumbs.db, that were not there before. They are semi-transparent?
Also, do you think I can get rid of any of these programs?
superanti spy
otscanit
aft cleaner
ad aware
avg antispy ware
spybot
ccleaner

Thank you for all your help.




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/28/2008 at 07:53 PM

Application Version : 4.21.1004

Core Rules Database Version : 3612
Trace Rules Database Version: 1598

Scan type : Complete Scan
Total Scan Time : 01:15:01

Memory items scanned : 443
Memory threats detected : 0
Registry items scanned : 5613
Registry threats detected : 0
File items scanned : 23615
File threats detected : 42

Adware.Tracking Cookie
C:\Documents and Settings\Justin\Cookies\justin@adopt.euroclick[1].txt
C:\Documents and Settings\Justin\Cookies\justin@bs.serving-sys[2].txt
C:\Documents and Settings\Justin\Cookies\justin@media6degrees[1].txt
C:\Documents and Settings\Justin\Cookies\justin@atdmt[2].txt
C:\Documents and Settings\Justin\Cookies\justin@trafficmp[1].txt
C:\Documents and Settings\Justin\Cookies\justin@media.adrevolver[1].txt
C:\Documents and Settings\Justin\Cookies\justin@advertising[2].txt
C:\Documents and Settings\Justin\Cookies\justin@adrevolver[1].txt
C:\Documents and Settings\Justin\Cookies\justin@tacoda[2].txt
C:\Documents and Settings\Justin\Cookies\justin@atwola[2].txt
C:\Documents and Settings\Justin\Cookies\justin@ad.yieldmanager[2].txt
C:\Documents and Settings\Justin\Cookies\justin@fastclick[2].txt
C:\Documents and Settings\Justin\Cookies\justin@revsci[1].txt
C:\Documents and Settings\Justin\Cookies\justin@2o7[1].txt
C:\Documents and Settings\Justin\Cookies\justin@kontera[2].txt
C:\Documents and Settings\Justin\Cookies\justin@realmedia[1].txt
C:\Documents and Settings\Justin\Cookies\justin@ads.bleepingcomputer[1].txt
C:\Documents and Settings\Justin\Cookies\justin@mediaplex[1].txt
C:\Documents and Settings\Justin\Cookies\justin@ads.pointroll[2].txt
C:\Documents and Settings\Justin\Cookies\justin@zedo[2].txt
C:\Documents and Settings\Justin\Cookies\justin@dynamic.media.adrevolver[1].txt
C:\Documents and Settings\Justin\Cookies\justin@nl.sitestat[2].txt
C:\Documents and Settings\Justin\Cookies\justin@pitchforkmedia[1].txt
C:\Documents and Settings\Justin\Cookies\justin@serving-sys[2].txt
C:\Documents and Settings\Justin\Cookies\justin@richmedia.yahoo[2].txt
C:\Documents and Settings\Justin\Cookies\justin@burstnet[1].txt
C:\Documents and Settings\Justin\Cookies\justin@tribalfusion[1].txt
C:\Documents and Settings\Justin\Cookies\justin@questionmarket[2].txt
C:\Documents and Settings\Justin\Cookies\justin@apmebf[2].txt
C:\Documents and Settings\Justin\Cookies\justin@247realmedia[2].txt
C:\Documents and Settings\Justin\Cookies\justin@specificclick[2].txt
C:\Documents and Settings\Justin\Cookies\justin@sales.liveperson[2].txt
C:\Documents and Settings\Justin\Cookies\justin@mint.pitchforkmedia[1].txt
C:\Documents and Settings\Justin\Cookies\justin@ads.bridgetrack[2].txt
C:\Documents and Settings\Justin\Cookies\justin@nl.sitestat[1].txt
C:\Documents and Settings\Justin\Cookies\justin@citi.bridgetrack[1].txt
C:\Documents and Settings\Justin\Cookies\justin@www.burstbeacon[1].txt
C:\Documents and Settings\Justin\Cookies\justin@adopt.specificclick[1].txt
C:\Documents and Settings\Justin\Cookies\justin@doubleclick[1].txt
C:\Documents and Settings\Justin\Cookies\justin@collective-media[2].txt
C:\Documents and Settings\Justin\Cookies\justin@specificmedia[2].txt
C:\Documents and Settings\Justin\Cookies\justin@www.burstnet[1].txt




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:44 PM, on 10/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\I8kfanGUI\i8kfangui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\i8kfangui.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {3759252A-7748-4DBE-AD87-AE8CE8D244D6} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {B79A9CFB-D5BB-4268-817A-592369A3E917} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {B9C1644D-47B6-405D-9EB2-9DED17903595} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191626053394
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 9888 bytes




:thumbsup: :) :)

#9 kahdah


Posted 29 October 2008 - 05:08 AM

another quick question i now have two icons on my desk top desktop.ini & thumbs.db that were not their before they are semi transparent?

Yes, those are normally hidden; that is why they look that way.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not Show hidden files and folders.
  • Check the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK
=================
Cleanup:

Please download OT CleanIt from here and save it to your desktop.
Double-click on OT CleanIt to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================
Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that your log is clean. :thumbsup:

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
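The outdated-Java finding in the reply above can be checked mechanically against a HijackThis log. The following Python sketch is an added example, not part of the original thread or of any tool mentioned in it: the function names are hypothetical, the sample lines are excerpted from the log posted above except the one marked constructed, and the baseline (JRE 6 Update 10) is the version the reply names.

```python
import re
from collections import defaultdict

# Lines excerpted from the HijackThis log posted in this thread, plus one
# constructed entry (marked) that references an up-to-date runtime.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ConstructedEntry] "C:\Program Files\Java\jre1.6.0_10\bin\jusched.exe"
"""

MIN_JRE = (1, 6, 0, 10)  # baseline named in the reply: JRE 6 Update 10

# HijackThis entries start with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# JRE install folders look like \jre1.6.0_03\ (update number is optional).
JRE_RE = re.compile(r"\\(?:jre|j2re)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.I)


def parse_hijackthis(text):
    """Split a HijackThis log into running processes and coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def jre_versions(text):
    """Return every JRE version found in a path, e.g. (1, 6, 0, 3)."""
    return [tuple(int(g or 0) for g in m.groups()) for m in JRE_RE.finditer(text)]


def find_outdated_java(text, minimum=MIN_JRE):
    """Map each JRE version below the baseline to the log lines that use it."""
    processes, entries = parse_hijackthis(text)
    hits = defaultdict(list)
    located = [("process", p) for p in processes] + entries
    for where, body in located:
        for version in jre_versions(body):
            if version < minimum:
                hits[version].append((where, body))
    return dict(hits)


if __name__ == "__main__":
    for version, refs in find_outdated_java(SAMPLE_LOG).items():
        print("Outdated JRE %d.%d.%d_%02d referenced by:" % version)
        for where, body in refs:
            print("  [%s] %s" % (where, body))
```

Each hit lists where the old runtime is still wired in (a running process, an O4 autostart, an O9 browser extension), which is what should disappear from a fresh log after the uninstall and update steps.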



