
So many problems caused by virus! - Can someone please help me..


117 replies to this topic

#1 sheegirl

sheegirl

  • Members
  • 60 posts
  • Gender:Female
  • Location:Malaysia
  • Local time:03:39 AM

Posted 27 October 2008 - 04:15 AM

Hi all experts, I am experiencing these problems:

1. Run, Control Panel is missing from the Start menu.
2. I can't click Command Prompt (not opening)
3. I can't click alt+ctrl+del for Task Manager ('Task Manager has been disabled by your administrator')
4. When I click on “show hidden files” under folder option and click OK then I reopen folder option, I find option changed to “don’t show hidden files” automatically. I think something is preventing the settings from being saved.
5. Nothing happens when I click Search icon.
6. Double click C or D drive at My Computer not opening (Autorun.inf perhaps?)
7. Cannot edit my registry ('Registry editing has been disabled by your administrator')
8. Unable to save any documents into my pendrive.


What I have done:

I have cleaned my system using Avast, Spybot - Search and Destroy and Malwarebytes' Anti-Malware (but the virus keeps coming back!)

My HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:46 PM, on 10/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Azan\Athan.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Athan] C:\Program Files\Azan\Athan.exe
O4 - HKLM\..\Run: [muBlinder] D:\Softwares\muBlinder\muBlinder.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://www.gamehouse.com/realarcade-webgam.../DoggieDash.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/realarcade-webgam...mjolauncher.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://www.gamehouse.com/realarcade-webgam...BGamePlayer.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/realarcade-webgam...zylomplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B2F03B3-F73C-40F0-9138-D37213519A59}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\User\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

--
End of file - 10363 bytes

Thank you for your kind assistance.
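An added triage example, not part of the original post and not HijackThis's own code: it parses a HijackThis log and flags the O7 entries (the policy behind symptom 7, "Registry editing has been disabled by your administrator") and O23 services worth a second look. The three service heuristics (binary in a Temp directory, file missing, "Unknown owner") are assumptions of this example and mark entries for review, not verdicts.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")
Service = namedtuple("Service", "name owner path missing")
Finding = namedtuple("Finding", "code subject reasons")

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\User\LOCALS~1\Temp\hpdj.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O23 - ..."
REGEDIT_RE = re.compile(
    r"^(HK[A-Z]+)\\.*\\Policies\\System, DisableRegedit=(\d+)$", re.I)
SERVICE_PATH_RE = re.compile(r" - ([A-Za-z]:\\.*)$")          # " - C:\..."
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)
MISSING = "(file missing)"


def parse_entries(text):
    """Return the section entries; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def parse_service(body):
    """Split an O23 body into name, owner, path and a file-missing flag."""
    if not body.startswith("Service: "):
        return None
    rest = body[len("Service: "):]
    m = SERVICE_PATH_RE.search(rest)       # leftmost " - <drive>:\" starts the path
    if not m:
        return None
    # Names may themselves contain " - ", so split the owner off from the right.
    name, _, owner = rest[:m.start()].rpartition(" - ")
    path = m.group(1)
    missing = path.endswith(MISSING)
    if missing:
        path = path[:-len(MISSING)].rstrip()
    return Service(name, owner, path, missing)


def triage(text):
    """Flag O7 registry-editor lockouts and O23 services that need review."""
    findings = []
    for entry in parse_entries(text):
        if entry.code == "O7":
            m = REGEDIT_RE.match(entry.body)
            if m and int(m.group(2)) != 0:
                reason = "registry editing disabled by policy (DisableRegedit=%s)" % m.group(2)
                findings.append(Finding("O7", m.group(1).upper(), (reason,)))
        elif entry.code == "O23":
            svc = parse_service(entry.body)
            if svc is None:
                continue
            reasons = []
            if TEMP_DIR_RE.search(svc.path):
                reasons.append("binary path is inside a Temp directory")
            if svc.missing:
                reasons.append("binary is missing on disk")
            if svc.owner.lower() == "unknown owner":
                reasons.append("no publisher information")
            if reasons:
                findings.append(Finding("O23", svc.name, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.code, f.subject, "; ".join(f.reasons))
```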



#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:03:39 PM

Posted 27 October 2008 - 05:21 AM

Hello sheegirl

Welcome to BleepingComputer :thumbsup:
========================
Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
===========================================
Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • File - Lop check
    • File - Purity Scan
  • Under Basic scans:
    • Rootkit Search - Yes
    • Drivers - Non Microsoft
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Attach the information back here. I will review it when it comes in.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 sheegirl

sheegirl
  • Topic Starter

  • Members
  • 60 posts
  • Gender:Female
  • Location:Malaysia
  • Local time:03:39 AM

Posted 27 October 2008 - 09:36 AM

Hello kahdah,

I've done as instructed but whilst OTScanIt did its scanning Avast found 2 malwares called Win32:Inject-EV(Tri). I have moved it to chest otherwise it will not continue scanning.

Here is the OTScanIT log:

OTScanIt logfile created on: 10/27/2008 10:12:14 PM
OTScanIt by OldTimer - Version 1.0.19.0	 Folder = D:\Softwares\OTScanIt
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.29 Mb Total Physical Memory | 566.24 Mb Available Physical Memory | 55.83% Memory free
2.53 Gb Paging File | 0.61 Gb Available in Paging File | 24.01% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.01 Gb Total Space | 37.14 Gb Free Space | 74.26% Space Free | Partition Type: NTFS
Drive D: | 182.88 Gb Total Space | 177.19 Gb Free Space | 96.89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-CDB34C6D45
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 7/19/2008 10:25:06 PM | Attr =	]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 7/19/2008 10:38:28 PM | Attr =	]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 7/19/2008 10:38:34 PM | Attr =	]
winampa.exe -> %ProgramFiles%\Winamp\winampa.exe ->  [Ver =  | Size = 36352 bytes | Modified Date = 4/2/2008 2:49:42 AM | Attr =	]
athan.exe -> %ProgramFiles%\Azan\Athan.exe -> www.IslamicFinder.org [Ver = 3.04 | Size = 1069056 bytes | Modified Date = 8/18/2008 9:03:39 AM | Attr =	]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 7/19/2008 10:38:04 PM | Attr =	]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 7/23/2008 10:25:45 PM | Attr =	]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 6, 3, 25 | Size = 1833296 bytes | Modified Date = 9/16/2008 12:16:08 PM | Attr = RHS]
fnplicensingservice.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 3/5/2008 4:18:41 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 7/19/2008 10:25:06 PM | Attr =	]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 7/19/2008 10:38:28 PM | Attr =	]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 7/19/2008 10:38:04 PM | Attr =	]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 7/23/2008 10:25:45 PM | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 3/5/2008 4:18:41 AM | Attr =	]
(hpdj) hpdj [Win32_Shared | Auto | Stopped] -> %SystemDrive%\DOCUME~1\User\LOCALS~1\Temp\hpdj.exe -> File not found

[Driver Services - Non-Microsoft Only]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 26944 bytes | Modified Date = 7/19/2008 10:32:15 PM | Attr =	]
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 20560 bytes | Modified Date = 7/19/2008 10:37:42 PM | Attr =	]
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 94416 bytes | Modified Date = 7/19/2008 10:37:21 PM | Attr =	]
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 23152 bytes | Modified Date = 7/19/2008 10:33:42 PM | Attr =	]
(aswSP) avast! Self Protection [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 78416 bytes | Modified Date = 7/19/2008 10:35:18 PM | Attr =	]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 42912 bytes | Modified Date = 7/19/2008 10:32:36 PM | Attr =	]
(Flash1) Flash1 [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SP36869\winphlash\FLASH1.sys ->  [Ver = 1, 9, 1, 0 | Size = 3456 bytes | Modified Date = 3/1/2006 5:54:48 PM | Attr =	]
(hwdatacard) Huawei DataCard USB Modem and USB Serial [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ewusbmdm.sys -> Huawei Technologies Co., Ltd. [Ver = 2. 0. 3. 8. SP09 | Size = 101120 bytes | Modified Date = 8/8/2007 12:12:42 PM | Attr =	]
(rimmptsk) rimmptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rimmptsk.sys -> REDC [Ver = 1.0.0.9 | Size = 28928 bytes | Modified Date = 11/17/2005 12:28:32 PM | Attr =	]
(rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rimsptsk.sys -> REDC [Ver = 1.00.02.05 | Size = 51840 bytes | Modified Date = 12/23/2005 9:02:22 AM | Attr =	]
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rixdptsk.sys -> REDC [Ver = 1.00.02.08 | Size = 308992 bytes | Modified Date = 11/2/2005 10:08:00 AM | Attr =	]
(UIUSys) Conexant Setup API [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\UIUSYS.SYS -> File not found
(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\yk51x86.sys -> Marvell [Ver = 10.15.4.3 built by: WinDDK | Size = 262912 bytes | Modified Date = 6/9/2007 8:15:00 AM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
 ->  [] -> File not found
Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe ["C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"] -> Adobe Systems Inc. [Ver = 8.1.2.2008011100 | Size = 623992 bytes | Modified Date = 1/12/2008 10:54:31 AM | Attr =	]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/12/2008 2:16:38 PM | Attr =	]
Apoint -> %ProgramFiles%\Apoint2K\Apoint.exe [C:\Program Files\Apoint2K\Apoint.exe] -> Alps Electric Co., Ltd. [Ver = 5.5.1.200 | Size = 159744 bytes | Modified Date = 2/9/2005 8:38:10 AM | Attr =	]
Athan -> %ProgramFiles%\Azan\Athan.exe [C:\Program Files\Azan\Athan.exe] -> www.IslamicFinder.org [Ver = 3.04 | Size = 1069056 bytes | Modified Date = 8/18/2008 9:03:39 AM | Attr =	]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 7/19/2008 10:38:34 PM | Attr =	]
HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 6.14.10.4820 | Size = 155648 bytes | Modified Date = 4/17/2007 4:51:30 AM | Attr =	]
HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe ["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"] -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 5/12/2004 3:18:56 PM | Attr =	]
HP Software Update -> %ProgramFiles%\Hewlett-Packard\HP Software Update\hpwuSchd.exe ["C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"] -> Hewlett-Packard [Ver = 1, 0, 0, 2 | Size = 49152 bytes | Modified Date = 6/26/2003 3:24:48 AM | Attr =	]
HPDJ Taskbar Utility -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe] -> HP [Ver = 2.236.2.0 | Size = 188416 bytes | Modified Date = 1/13/2006 2:58:16 PM | Attr =	]
IgfxTray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 6.14.10.4820 | Size = 135168 bytes | Modified Date = 4/17/2007 4:51:30 AM | Attr =	]
muBlinder -> D:\Softwares\muBlinder\muBlinder.exe [D:\Softwares\muBlinder\muBlinder.exe -startup] -> KRX [Ver = 3.5.7.0 | Size = 1463808 bytes | Modified Date = 10/8/2008 8:17:42 AM | Attr =	]
Persistence -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 6.14.10.4820 | Size = 131072 bytes | Modified Date = 4/17/2007 4:51:00 AM | Attr =	]
QlbCtrl -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start] ->  Hewlett-Packard Development Company, L.P. [Ver = 6, 1, 2, 9 | Size = 159744 bytes | Modified Date = 11/7/2006 2:58:18 AM | Attr =	]
QPService -> %ProgramFiles%\HP\QuickPlay\QPService.exe ["C:\Program Files\HP\QuickPlay\QPService.exe"] -> CyberLink Corp. [Ver = 4.5.0.0000 | Size = 102400 bytes | Modified Date = 4/12/2006 1:54:16 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr =	]
vr64 -> Reg Error: Value vr64 does not exist or could not be read. [Reg Error: Value vr64 does not exist or could not be read.] -> File not found
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe ["C:\Program Files\Winamp\winampa.exe"] ->  [Ver =  | Size = 36352 bytes | Modified Date = 4/2/2008 2:49:42 AM | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 3, 25 | Size = 1833296 bytes | Modified Date = 9/16/2008 12:16:08 PM | Attr = RHS]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Bluetooth.lnk -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 4.0.1.3500 | Size = 581693 bytes | Modified Date = 5/13/2006 5:33:22 AM | Attr =	]
< User Startup Folder > -> C:\Documents and Settings\User\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/14/2008 8:12:19 AM | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/14/2008 8:12:38 AM | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/14/2008 8:12:24 AM | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/14/2008 8:12:05 AM | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/14/2008 8:12:41 AM | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 6.14.10.4820 | Size = 204800 bytes | Modified Date = 4/17/2007 4:50:30 AM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFileMenu -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoTrayContextMenu -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSetting -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideRunAsVerb -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\InternetOpenWith -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRun -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoFolderOptions -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFileMenu -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSetting -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideRunAsVerb -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoTrayContextMenu -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRun -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoFolderOptions -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 -> 
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/14/2008 2:40:46 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< Drives with AutoRun files > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 12/26/2007 5:28:08 AM | Attr =	]
autorun.inf [[autorun] | shellexecute=wscript.exe Mc~.vbe | ] -> %SystemDrive%\autorun.inf [ NTFS ] ->  [Ver =  | Size = 88 bytes | Modified Date = 10/27/2008 10:12:24 PM | Attr = RHS]
autorun.inf [[autorun] | shellexecute=wscript.exe Mc~.vbe | ] -> D:\autorun.inf [ NTFS ] ->  [Ver =  | Size = 88 bytes | Modified Date = 10/27/2008 10:12:24 PM | Attr = RHS]
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
127.0.0.1	   localhost
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 3:08:42 PM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 2, 14 | Size = 1562960 bytes | Modified Date = 9/15/2008 2:25:44 PM | Attr = RHS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]
{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/11/2007 2:47:03 PM | Attr =	]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/11/2007 2:47:03 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/11/2007 2:47:03 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/11/2007 2:47:03 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 2, 14 | Size = 1562960 bytes | Modified Date = 9/15/2008 2:25:44 PM | Attr = RHS]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/11/2007 2:47:03 PM | Attr =	]
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/11/2007 2:47:03 PM | Attr =	]
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/11/2007 2:47:03 PM | Attr =	]
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/11/2007 2:47:03 PM | Attr =	]
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/11/2007 2:47:03 PM | Attr =	]
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/11/2007 2:47:03 PM | Attr =	]
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/11/2007 2:47:03 PM | Attr =	]
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/11/2007 2:47:03 PM | Attr =	]
Send To &Bluetooth -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ->  [Ver =  | Size = 1320 bytes | Modified Date = 5/30/2003 5:53:12 AM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{2D34B0D3-41D2-4D09-8526-4B7AC24EA9D7} ->	(Marvell Yukon 88E8039 PCI-E Fast Ethernet Controller) -> 
{60BE7AA7-B063-4702-AC8A-3C491C456CA2} ->	(Intel(R) Wireless WiFi Link 4965AGN) -> 
{77513036-7F0D-47B4-8C8C-14FC03E119A0} ->	(1394 Net Adapter) -> 
{8E45C259-62C1-44A1-8DF0-7FAFE9074E7C} ->	(Broadcom 802.11b/g WLAN) -> 
{94C77812-3DA8-4EA5-B2BD-C9C0E5DE6BB5} ->	(1394 Net Adapter) -> 
{98A0A444-A489-4ABB-8218-2D0B0960E685} ->	(Intel(R) PRO/Wireless 3945ABG Network Connection) -> 
{CF7376F0-68A6-4011-B75E-59C86F2F875A} ->	() -> 
{D1A0B4EF-7ED5-4E2E-B3F8-9A65277A7EE1} ->	(1394 Net Adapter) -> 
{F380B484-5EA5-4B22-B77D-5428101D84E1} ->	(1394 Net Adapter) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.5 | Size = 81920 bytes | Modified Date = 5/12/2004 3:18:56 PM | Attr =	]
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{54BE6B6F-3056-470B-97E1-BB92E051B6C4}[HKEY_LOCAL_MACHINE] -> http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab[DeviceEnum Class] -> 
{6715D12F-213F-4C6E-ACE1-8A363F550B96}[HKEY_LOCAL_MACHINE] -> http://www.gamehouse.com/realarcade-webgames/doggiedash/DoggieDash.cab[CPlayFirstDoggieDashControl Object] -> 
{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}[HKEY_LOCAL_MACHINE] -> http://www.gamehouse.com/realarcade-webgames/luxor2/mjolauncher.cab[MJLauncherCtrl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{935F9B04-0C7B-4454-A391-348C54AD7ADD}[HKEY_LOCAL_MACHINE] -> http://www.gamehouse.com/realarcade-webgames/bcasanfrancisco/JBGamePlayer.cab[Jolly Bear Games Player] -> 
{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}[HKEY_LOCAL_MACHINE] -> http://www.gamehouse.com/realarcade-webgames/zylom/zylomplayer.cab[Zylom Games Player] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DoggieDash.1.0.0.6.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DoggieDash.1.0.0.6.dll\\.Owner -> {6715D12F-213F-4C6E-ACE1-8A363F550B96} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DoggieDash.1.0.0.6.dll\\{6715D12F-213F-4C6E-ACE1-8A363F550B96} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/JBGamePlayer.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/JBGamePlayer.dll\\.Owner -> {935F9B04-0C7B-4454-A391-348C54AD7ADD} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/JBGamePlayer.dll\\{935F9B04-0C7B-4454-A391-348C54AD7ADD} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mjolauncher.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mjolauncher.dll\\.Owner -> {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mjolauncher.dll\\{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zylomgamesplayer.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zylomgamesplayer.dll\\.Owner -> {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zylomgamesplayer.dll\\{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> N -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/14/2008 8:12:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 4/14/2008 8:11:56 AM | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/14/2008 8:12:00 AM | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 4/14/2008 8:12:05 AM | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 4/14/2008 8:12:08 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 4/14/2008 8:12:05 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 4/14/2008 8:12:02 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> DB AA 71 85 8E D0 4C 90 88 E0 EA 76 FF 1A 60 47 30 37 36 31 61 30 64 65 00 FD 07 00 EF 53 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 47 5A 91 8B A8 C2 61 32 6E AF 14 07  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 8C 59 D0 53 FB 83 82 AA 02  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 74 54 2D 22 C0 0F  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 01 C4 E4 68 8D 6A F1 BB 64 F4 3D B5 2E 21 BC 81  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 64 C8 2E 2F 0E 38 C9 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/14/2008 8:12:36 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 8105 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/14/2008 8:11:55 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/14/2008 8:12:34 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/14/2008 2:53:32 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\mshta.exe -> %SystemRoot%\system32\mshta.exe [C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft (R) HTML Application host] -> Microsoft Corporation [Ver = 7.00.5730.13 (longhorn(wmbla).070711-1130) | Size = 45568 bytes | Modified Date = 8/14/2007 10:32:30 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/14/2008 2:53:32 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/14/2008 8:12:34 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/14/2008 8:12:36 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/14/2008 8:12:11 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/14/2008 8:12:04 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/14/2008 8:12:36 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 59904 bytes | Modified Date = 4/14/2008 8:12:04 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 73216 bytes | Modified Date = 4/14/2008 8:12:38 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/14/2008 8:12:04 AM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
autorun.inf -> %SystemDrive%\autorun.inf ->  [Ver =  | Size = 88 bytes | Created Date = 10/21/2008 8:10:32 AM | Attr = RHS]
Mc~.vbe -> %SystemDrive%\Mc~.vbe ->  [Ver =  | Size = 1082370 bytes | Created Date = 10/21/2008 8:10:32 AM | Attr = RHS]
athan -> %SystemRoot%\System32\athan ->  [Folder | Created Date = 9/27/2008 10:19:04 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
bits -> %SystemRoot%\System32\bits ->  [Folder | Created Date = 10/27/2008 4:22:49 PM | Attr =	]
en -> %SystemRoot%\System32\en ->  [Folder | Created Date = 10/27/2008 4:22:49 PM | Attr =	]
GroupPolicy -> %SystemRoot%\System32\GroupPolicy ->  [Folder | Created Date = 10/25/2008 8:55:10 PM | Attr =  H ]
prnjobt.vbe -> %SystemRoot%\System32\prnjobt.vbe ->  [Ver =  | Size = 2 bytes | Created Date = 10/21/2008 8:10:32 AM | Attr = RHS]
scripting -> %SystemRoot%\System32\scripting ->  [Folder | Created Date = 10/27/2008 4:22:50 PM | Attr =	]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ ->  [Folder | Created Date = 10/27/2008 4:13:52 PM | Attr =  H ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 10/26/2008 7:07:46 AM | Attr =	]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Created Date = 9/27/2008 10:19:06 PM | Attr =	]
l2schemas -> %SystemRoot%\l2schemas ->  [Folder | Created Date = 10/27/2008 4:22:50 PM | Attr =	]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Created Date = 10/27/2008 4:39:10 PM | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Created Date = 10/27/2008 4:17:21 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 10/27/2008 4:30:08 PM | Attr =	]
ServicePackFiles -> %SystemRoot%\ServicePackFiles ->  [Folder | Created Date = 10/27/2008 4:19:01 PM | Attr =	]
At1.job -> %SystemRoot%\tasks\At1.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/21/2008 8:10:37 AM | Attr =	]
At10.job -> %SystemRoot%\tasks\At10.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 8:50:48 PM | Attr =	]
At100.job -> %SystemRoot%\tasks\At100.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:59 PM | Attr =	]
At101.job -> %SystemRoot%\tasks\At101.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:59 PM | Attr =	]
At102.job -> %SystemRoot%\tasks\At102.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:59 PM | Attr =	]
At103.job -> %SystemRoot%\tasks\At103.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:59 PM | Attr =	]
At104.job -> %SystemRoot%\tasks\At104.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:59 PM | Attr =	]
At105.job -> %SystemRoot%\tasks\At105.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:59 PM | Attr =	]
At106.job -> %SystemRoot%\tasks\At106.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:33:01 PM | Attr =	]
At107.job -> %SystemRoot%\tasks\At107.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:33:01 PM | Attr =	]
At108.job -> %SystemRoot%\tasks\At108.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:33:01 PM | Attr =	]
At109.job -> %SystemRoot%\tasks\At109.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:33:01 PM | Attr =	]
At11.job -> %SystemRoot%\tasks\At11.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 8:50:50 PM | Attr =	]
At110.job -> %SystemRoot%\tasks\At110.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:33:01 PM | Attr =	]
At111.job -> %SystemRoot%\tasks\At111.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:33:01 PM | Attr =	]
At112.job -> %SystemRoot%\tasks\At112.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:33:01 PM | Attr =	]
At12.job -> %SystemRoot%\tasks\At12.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 8:50:52 PM | Attr =	]
At13.job -> %SystemRoot%\tasks\At13.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 8:50:55 PM | Attr =	]
At14.job -> %SystemRoot%\tasks\At14.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 8:50:56 PM | Attr =	]
At15.job -> %SystemRoot%\tasks\At15.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 8:50:57 PM | Attr =	]
At16.job -> %SystemRoot%\tasks\At16.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 8:51:01 PM | Attr =	]
At17.job -> %SystemRoot%\tasks\At17.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 8:51:49 PM | Attr =	]
At18.job -> %SystemRoot%\tasks\At18.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 8:51:52 PM | Attr =	]
At19.job -> %SystemRoot%\tasks\At19.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 8:51:53 PM | Attr =	]
At2.job -> %SystemRoot%\tasks\At2.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/24/2008 7:27:00 AM | Attr =	]
At20.job -> %SystemRoot%\tasks\At20.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 8:52:07 PM | Attr =	]
At21.job -> %SystemRoot%\tasks\At21.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 8:52:07 PM | Attr =	]
At22.job -> %SystemRoot%\tasks\At22.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 8:52:14 PM | Attr =	]
At23.job -> %SystemRoot%\tasks\At23.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 8:52:28 PM | Attr =	]
At24.job -> %SystemRoot%\tasks\At24.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 9:08:56 PM | Attr =	]
At25.job -> %SystemRoot%\tasks\At25.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 9:14:42 PM | Attr =	]
At26.job -> %SystemRoot%\tasks\At26.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 9:16:16 PM | Attr =	]
At27.job -> %SystemRoot%\tasks\At27.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 9:30:24 PM | Attr =	]
At28.job -> %SystemRoot%\tasks\At28.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 9:33:50 PM | Attr =	]
At29.job -> %SystemRoot%\tasks\At29.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 9:33:51 PM | Attr =	]
At3.job -> %SystemRoot%\tasks\At3.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 5:18:35 PM | Attr =	]
At30.job -> %SystemRoot%\tasks\At30.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 9:33:52 PM | Attr =	]
At31.job -> %SystemRoot%\tasks\At31.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 10:27:28 PM | Attr =	]
At32.job -> %SystemRoot%\tasks\At32.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 10:28:02 PM | Attr =	]
At33.job -> %SystemRoot%\tasks\At33.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 10:28:07 PM | Attr =	]
At34.job -> %SystemRoot%\tasks\At34.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 10:29:32 PM | Attr =	]
At35.job -> %SystemRoot%\tasks\At35.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 10:42:44 PM | Attr =	]
At36.job -> %SystemRoot%\tasks\At36.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 10:43:22 PM | Attr =	]
At37.job -> %SystemRoot%\tasks\At37.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 10:43:25 PM | Attr =	]
At38.job -> %SystemRoot%\tasks\At38.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 11:16:11 PM | Attr =	]
At39.job -> %SystemRoot%\tasks\At39.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 11:36:03 PM | Attr =	]
At4.job -> %SystemRoot%\tasks\At4.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 5:26:26 PM | Attr =	]
At40.job -> %SystemRoot%\tasks\At40.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 11:41:00 PM | Attr =	]
At41.job -> %SystemRoot%\tasks\At41.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 11:48:26 PM | Attr =	]
At42.job -> %SystemRoot%\tasks\At42.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/26/2008 7:32:32 AM | Attr =	]
At43.job -> %SystemRoot%\tasks\At43.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/26/2008 7:32:36 AM | Attr =	]
At44.job -> %SystemRoot%\tasks\At44.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/26/2008 7:32:37 AM | Attr =	]
At45.job -> %SystemRoot%\tasks\At45.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/26/2008 7:33:59 AM | Attr =	]
At46.job -> %SystemRoot%\tasks\At46.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/26/2008 7:43:24 AM | Attr =	]
At47.job -> %SystemRoot%\tasks\At47.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/26/2008 7:46:53 AM | Attr =	]
At48.job -> %SystemRoot%\tasks\At48.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/26/2008 7:46:59 AM | Attr =	]
At49.job -> %SystemRoot%\tasks\At49.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/26/2008 7:47:06 AM | Attr =	]
At5.job -> %SystemRoot%\tasks\At5.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 5:26:30 PM | Attr =	]
At50.job -> %SystemRoot%\tasks\At50.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/26/2008 7:47:07 AM | Attr =	]
At51.job -> %SystemRoot%\tasks\At51.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/26/2008 7:51:57 AM | Attr =	]
At52.job -> %SystemRoot%\tasks\At52.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/26/2008 10:39:39 AM | Attr =	]
At53.job -> %SystemRoot%\tasks\At53.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/27/2008 8:44:05 AM | Attr =	]
At54.job -> %SystemRoot%\tasks\At54.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/27/2008 8:57:50 AM | Attr =	]
At55.job -> %SystemRoot%\tasks\At55.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/27/2008 4:30:56 PM | Attr =	]
At56.job -> %SystemRoot%\tasks\At56.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/27/2008 4:51:11 PM | Attr =	]
At57.job -> %SystemRoot%\tasks\At57.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:11 PM | Attr =	]
At58.job -> %SystemRoot%\tasks\At58.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:11 PM | Attr =	]
At59.job -> %SystemRoot%\tasks\At59.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:12 PM | Attr =	]
At6.job -> %SystemRoot%\tasks\At6.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 5:26:37 PM | Attr =	]
At60.job -> %SystemRoot%\tasks\At60.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:12 PM | Attr =	]
At61.job -> %SystemRoot%\tasks\At61.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:12 PM | Attr =	]
At62.job -> %SystemRoot%\tasks\At62.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:12 PM | Attr =	]
At63.job -> %SystemRoot%\tasks\At63.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:12 PM | Attr =	]
At64.job -> %SystemRoot%\tasks\At64.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:13 PM | Attr =	]
At65.job -> %SystemRoot%\tasks\At65.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:14 PM | Attr =	]
At66.job -> %SystemRoot%\tasks\At66.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:14 PM | Attr =	]
At67.job -> %SystemRoot%\tasks\At67.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:14 PM | Attr =	]
At68.job -> %SystemRoot%\tasks\At68.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:14 PM | Attr =	]
At69.job -> %SystemRoot%\tasks\At69.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:14 PM | Attr =	]
At7.job -> %SystemRoot%\tasks\At7.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 5:28:31 PM | Attr =	]
At70.job -> %SystemRoot%\tasks\At70.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:14 PM | Attr =	]
At71.job -> %SystemRoot%\tasks\At71.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:14 PM | Attr =	]
At72.job -> %SystemRoot%\tasks\At72.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:15 PM | Attr =	]
At73.job -> %SystemRoot%\tasks\At73.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:15 PM | Attr =	]
At74.job -> %SystemRoot%\tasks\At74.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:19 PM | Attr =	]
At75.job -> %SystemRoot%\tasks\At75.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:37 PM | Attr =	]
At76.job -> %SystemRoot%\tasks\At76.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:45 PM | Attr =	]
At77.job -> %SystemRoot%\tasks\At77.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:46 PM | Attr =	]
At78.job -> %SystemRoot%\tasks\At78.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:46 PM | Attr =	]
At79.job -> %SystemRoot%\tasks\At79.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:47 PM | Attr =	]
At8.job -> %SystemRoot%\tasks\At8.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 8:38:15 PM | Attr =	]
At80.job -> %SystemRoot%\tasks\At80.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:30:47 PM | Attr =	]
At81.job -> %SystemRoot%\tasks\At81.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:51 PM | Attr =	]
At82.job -> %SystemRoot%\tasks\At82.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:55 PM | Attr =	]
At83.job -> %SystemRoot%\tasks\At83.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:55 PM | Attr =	]
At84.job -> %SystemRoot%\tasks\At84.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:56 PM | Attr =	]
At85.job -> %SystemRoot%\tasks\At85.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:56 PM | Attr =	]
At86.job -> %SystemRoot%\tasks\At86.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:57 PM | Attr =	]
At87.job -> %SystemRoot%\tasks\At87.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:57 PM | Attr =	]
At88.job -> %SystemRoot%\tasks\At88.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:57 PM | Attr =	]
At89.job -> %SystemRoot%\tasks\At89.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:58 PM | Attr =	]
At9.job -> %SystemRoot%\tasks\At9.job ->  [Ver =  | Size = 362 bytes | Created Date = 10/25/2008 8:50:44 PM | Attr =	]
At90.job -> %SystemRoot%\tasks\At90.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:58 PM | Attr =	]
At91.job -> %SystemRoot%\tasks\At91.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:58 PM | Attr =	]
At92.job -> %SystemRoot%\tasks\At92.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:58 PM | Attr =	]
At93.job -> %SystemRoot%\tasks\At93.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:58 PM | Attr =	]
At94.job -> %SystemRoot%\tasks\At94.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:58 PM | Attr =	]
At95.job -> %SystemRoot%\tasks\At95.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:58 PM | Attr =	]
At96.job -> %SystemRoot%\tasks\At96.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:58 PM | Attr =	]
At97.job -> %SystemRoot%\tasks\At97.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:58 PM | Attr =	]
At98.job -> %SystemRoot%\tasks\At98.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:59 PM | Attr =	]
At99.job -> %SystemRoot%\tasks\At99.job ->  [Ver =  | Size = 332 bytes | Created Date = 10/27/2008 5:32:59 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Fugazo -> %AllUsersProfile%\Application Data\Fugazo ->  [Folder | Created Date = 10/18/2008 2:59:02 PM | Attr =	]
GameHouse -> %AllUsersProfile%\Application Data\GameHouse ->  [Folder | Created Date = 10/4/2008 4:02:29 PM | Attr =	]
iWin -> %AllUsersProfile%\Application Data\iWin ->  [Folder | Created Date = 10/7/2008 11:28:51 AM | Attr =	]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Created Date = 10/26/2008 7:15:05 AM | Attr =	]
Zylom -> %AllUsersProfile%\Application Data\Zylom ->  [Folder | Created Date = 10/5/2008 1:27:55 PM | Attr =	]
GameHouse -> %AppData%\GameHouse ->  [Folder | Created Date = 10/7/2008 9:43:37 AM | Attr =	]
iWin -> %AppData%\iWin ->  [Folder | Created Date = 10/7/2008 11:28:51 AM | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Created Date = 10/26/2008 7:15:10 AM | Attr =	]
KRX -> %UserProfile%\Local Settings\Application Data\KRX ->  [Folder | Created Date = 10/27/2008 3:19:26 PM | Attr =	]
EDF%20218%20CASE%20STUDY%20OF%20Joey%20Pletcher.pdf -> %UserProfile%\My Documents\EDF%20218%20CASE%20STUDY%20OF%20Joey%20Pletcher.pdf ->  [Ver =  | Size = 20600 bytes | Created Date = 10/23/2008 8:23:41 PM | Attr =	]
gaji samsiah.xls -> %UserProfile%\My Documents\gaji samsiah.xls ->  [Ver =  | Size = 16896 bytes | Created Date = 10/7/2008 7:14:54 AM | Attr =	]
Ifzul Azim is an 11 year old boy lives with his family at Saujana Impian.docx -> %UserProfile%\My Documents\Ifzul Azim is an 11 year old boy lives with his family at Saujana Impian.docx ->  [Ver =  | Size = 11365 bytes | Created Date = 10/23/2008 8:24:40 PM | Attr =	]
Jojos Fashion Show 2 -> %UserProfile%\My Documents\Jojos Fashion Show 2 ->  [Folder | Created Date = 10/19/2008 7:44:03 PM | Attr =	]
JWPMR2008.pdf -> %UserProfile%\My Documents\JWPMR2008.pdf ->  [Ver =  | Size = 334198 bytes | Created Date = 10/14/2008 2:07:56 PM | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 696 bytes | Created Date = 10/26/2008 7:15:09 AM | Attr =	]
Athan.lnk -> %UserProfile%\Desktop\Athan.lnk ->  [Ver =  | Size = 1483 bytes | Created Date = 9/27/2008 10:19:07 PM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 10/25/2008 11:06:34 PM | Attr =	]
Shortcut to Virtual Villagers - The Secret City.lnk -> %UserProfile%\Desktop\Shortcut to Virtual Villagers - The Secret City.lnk ->  [Ver =  | Size = 792 bytes | Created Date = 10/22/2008 8:26:19 AM | Attr =	]
Vopt.lnk -> %UserProfile%\Desktop\Vopt.lnk ->  [Ver =  | Size = 1579 bytes | Created Date = 9/28/2008 6:59:23 AM | Attr =	]
ERUNT -> %ProgramFiles%\ERUNT ->  [Folder | Created Date = 10/26/2008 7:06:30 AM | Attr =	]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware ->  [Folder | Created Date = 10/26/2008 7:15:05 AM | Attr =	]
Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 10/25/2008 11:06:34 PM | Attr =	]
Vopt8 -> %ProgramFiles%\Vopt8 ->  [Folder | Created Date = 9/28/2008 6:59:21 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
autorun.inf -> %SystemDrive%\autorun.inf ->  [Ver =  | Size = 88 bytes | Modified Date = 10/27/2008 10:12:32 PM | Attr = RHS]
hpqp.ini -> %SystemDrive%\hpqp.ini ->  [Ver =  | Size = 313 bytes | Modified Date = 10/27/2008 4:51:10 PM | Attr =	]
Mc~.vbe -> %SystemDrive%\Mc~.vbe ->  [Ver =  | Size = 1082370 bytes | Modified Date = 10/21/2008 8:10:37 AM | Attr = RHS]
ntldr -> %SystemDrive%\ntldr ->  [Ver =  | Size = 250048 bytes | Modified Date = 10/27/2008 4:17:04 PM | Attr = RHS]
XP_TV.ini -> %SystemDrive%\XP_TV.ini ->  [Ver =  | Size = 39 bytes | Modified Date = 10/27/2008 4:50:52 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT ->  [Ver =  | Size = 2626 bytes | Modified Date = 10/25/2008 11:49:41 PM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 337056 bytes | Modified Date = 10/27/2008 4:50:38 PM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 61026 bytes | Modified Date = 10/27/2008 4:54:58 PM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 401032 bytes | Modified Date = 10/27/2008 4:54:58 PM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 468864 bytes | Modified Date = 10/27/2008 4:54:57 PM | Attr =	]
prnjobt.vbe -> %SystemRoot%\System32\prnjobt.vbe ->  [Ver =  | Size = 1082370 bytes | Modified Date = 10/27/2008 10:12:32 PM | Attr = RHS]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 10/27/2008 4:54:50 PM | Attr =	]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 10/27/2008 4:50:40 PM | Attr =   S]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 9/27/2008 10:18:28 PM | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 49 bytes | Modified Date = 10/24/2008 9:21:11 PM | Attr =	]
At1.job -> %SystemRoot%\tasks\At1.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:00 PM | Attr =	]
At10.job -> %SystemRoot%\tasks\At10.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:00 PM | Attr =	]
At100.job -> %SystemRoot%\tasks\At100.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:32:59 PM | Attr =	]
At101.job -> %SystemRoot%\tasks\At101.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:32:59 PM | Attr =	]
At102.job -> %SystemRoot%\tasks\At102.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:32:59 PM | Attr =	]
At103.job -> %SystemRoot%\tasks\At103.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:32:59 PM | Attr =	]
At104.job -> %SystemRoot%\tasks\At104.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:32:59 PM | Attr =	]
At105.job -> %SystemRoot%\tasks\At105.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:01 PM | Attr =	]
At106.job -> %SystemRoot%\tasks\At106.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:01 PM | Attr =	]
At107.job -> %SystemRoot%\tasks\At107.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:01 PM | Attr =	]
At108.job -> %SystemRoot%\tasks\At108.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:01 PM | Attr =	]
At109.job -> %SystemRoot%\tasks\At109.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:01 PM | Attr =	]
At11.job -> %SystemRoot%\tasks\At11.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:00 PM | Attr =	]
At110.job -> %SystemRoot%\tasks\At110.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:01 PM | Attr =	]
At111.job -> %SystemRoot%\tasks\At111.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:01 PM | Attr =	]
At112.job -> %SystemRoot%\tasks\At112.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At12.job -> %SystemRoot%\tasks\At12.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:00 PM | Attr =	]
At13.job -> %SystemRoot%\tasks\At13.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:00 PM | Attr =	]
At14.job -> %SystemRoot%\tasks\At14.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:00 PM | Attr =	]
At15.job -> %SystemRoot%\tasks\At15.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:01 PM | Attr =	]
At16.job -> %SystemRoot%\tasks\At16.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:01 PM | Attr =	]
At17.job -> %SystemRoot%\tasks\At17.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:02 PM | Attr =	]
At18.job -> %SystemRoot%\tasks\At18.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:04 PM | Attr =	]
At19.job -> %SystemRoot%\tasks\At19.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:05 PM | Attr =	]
At2.job -> %SystemRoot%\tasks\At2.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:05 PM | Attr =	]
At20.job -> %SystemRoot%\tasks\At20.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:05 PM | Attr =	]
At21.job -> %SystemRoot%\tasks\At21.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:05 PM | Attr =	]
At22.job -> %SystemRoot%\tasks\At22.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:06 PM | Attr =	]
At23.job -> %SystemRoot%\tasks\At23.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:07 PM | Attr =	]
At24.job -> %SystemRoot%\tasks\At24.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:08 PM | Attr =	]
At25.job -> %SystemRoot%\tasks\At25.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:09 PM | Attr =	]
At26.job -> %SystemRoot%\tasks\At26.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:11 PM | Attr =	]
At27.job -> %SystemRoot%\tasks\At27.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:12 PM | Attr =	]
At28.job -> %SystemRoot%\tasks\At28.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:14 PM | Attr =	]
At29.job -> %SystemRoot%\tasks\At29.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:15 PM | Attr =	]
At3.job -> %SystemRoot%\tasks\At3.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:15 PM | Attr =	]
At30.job -> %SystemRoot%\tasks\At30.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:15 PM | Attr =	]
At31.job -> %SystemRoot%\tasks\At31.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:16 PM | Attr =	]
At32.job -> %SystemRoot%\tasks\At32.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:18 PM | Attr =	]
At33.job -> %SystemRoot%\tasks\At33.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:20 PM | Attr =	]
At34.job -> %SystemRoot%\tasks\At34.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:22 PM | Attr =	]
At35.job -> %SystemRoot%\tasks\At35.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:32 PM | Attr =	]
At36.job -> %SystemRoot%\tasks\At36.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:33 PM | Attr =	]
At37.job -> %SystemRoot%\tasks\At37.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:40 PM | Attr =	]
At38.job -> %SystemRoot%\tasks\At38.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:44 PM | Attr =	]
At39.job -> %SystemRoot%\tasks\At39.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:44 PM | Attr =	]
At4.job -> %SystemRoot%\tasks\At4.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:44 PM | Attr =	]
At40.job -> %SystemRoot%\tasks\At40.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:44 PM | Attr =	]
At41.job -> %SystemRoot%\tasks\At41.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:44 PM | Attr =	]
At42.job -> %SystemRoot%\tasks\At42.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:44 PM | Attr =	]
At43.job -> %SystemRoot%\tasks\At43.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:44 PM | Attr =	]
At44.job -> %SystemRoot%\tasks\At44.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:44 PM | Attr =	]
At45.job -> %SystemRoot%\tasks\At45.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:45 PM | Attr =	]
At46.job -> %SystemRoot%\tasks\At46.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:45 PM | Attr =	]
At47.job -> %SystemRoot%\tasks\At47.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:46 PM | Attr =	]
At48.job -> %SystemRoot%\tasks\At48.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:47 PM | Attr =	]
At49.job -> %SystemRoot%\tasks\At49.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:47 PM | Attr =	]
At5.job -> %SystemRoot%\tasks\At5.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:48 PM | Attr =	]
At50.job -> %SystemRoot%\tasks\At50.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:51 PM | Attr =	]
At51.job -> %SystemRoot%\tasks\At51.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:53 PM | Attr =	]
At52.job -> %SystemRoot%\tasks\At52.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:31:03 PM | Attr =	]
At53.job -> %SystemRoot%\tasks\At53.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:31:09 PM | Attr =	]
At54.job -> %SystemRoot%\tasks\At54.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:31:18 PM | Attr =	]
At55.job -> %SystemRoot%\tasks\At55.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:31:22 PM | Attr =	]
At56.job -> %SystemRoot%\tasks\At56.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:31:22 PM | Attr =	]
At57.job -> %SystemRoot%\tasks\At57.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At58.job -> %SystemRoot%\tasks\At58.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At59.job -> %SystemRoot%\tasks\At59.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At6.job -> %SystemRoot%\tasks\At6.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:31:23 PM | Attr =	]
At60.job -> %SystemRoot%\tasks\At60.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At61.job -> %SystemRoot%\tasks\At61.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At62.job -> %SystemRoot%\tasks\At62.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At63.job -> %SystemRoot%\tasks\At63.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At64.job -> %SystemRoot%\tasks\At64.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At65.job -> %SystemRoot%\tasks\At65.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At66.job -> %SystemRoot%\tasks\At66.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At67.job -> %SystemRoot%\tasks\At67.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At68.job -> %SystemRoot%\tasks\At68.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At69.job -> %SystemRoot%\tasks\At69.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At7.job -> %SystemRoot%\tasks\At7.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:31:23 PM | Attr =	]
At70.job -> %SystemRoot%\tasks\At70.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At71.job -> %SystemRoot%\tasks\At71.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At72.job -> %SystemRoot%\tasks\At72.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At73.job -> %SystemRoot%\tasks\At73.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At74.job -> %SystemRoot%\tasks\At74.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At75.job -> %SystemRoot%\tasks\At75.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At76.job -> %SystemRoot%\tasks\At76.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At77.job -> %SystemRoot%\tasks\At77.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At78.job -> %SystemRoot%\tasks\At78.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At79.job -> %SystemRoot%\tasks\At79.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At8.job -> %SystemRoot%\tasks\At8.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:31:24 PM | Attr =	]
At80.job -> %SystemRoot%\tasks\At80.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At81.job -> %SystemRoot%\tasks\At81.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:32:54 PM | Attr =	]
At82.job -> %SystemRoot%\tasks\At82.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:32:56 PM | Attr =	]
At83.job -> %SystemRoot%\tasks\At83.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:32:56 PM | Attr =	]
At84.job -> %SystemRoot%\tasks\At84.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:32:56 PM | Attr =	]
At85.job -> %SystemRoot%\tasks\At85.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:32:57 PM | Attr =	]
At86.job -> %SystemRoot%\tasks\At86.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At87.job -> %SystemRoot%\tasks\At87.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At88.job -> %SystemRoot%\tasks\At88.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At89.job -> %SystemRoot%\tasks\At89.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At9.job -> %SystemRoot%\tasks\At9.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:31:24 PM | Attr =	]
At90.job -> %SystemRoot%\tasks\At90.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At91.job -> %SystemRoot%\tasks\At91.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At92.job -> %SystemRoot%\tasks\At92.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At93.job -> %SystemRoot%\tasks\At93.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At94.job -> %SystemRoot%\tasks\At94.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At95.job -> %SystemRoot%\tasks\At95.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At96.job -> %SystemRoot%\tasks\At96.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At97.job -> %SystemRoot%\tasks\At97.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At98.job -> %SystemRoot%\tasks\At98.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At99.job -> %SystemRoot%\tasks\At99.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 10/27/2008 4:50:44 PM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 2/27/2008 12:31:35 AM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4646 bytes | Modified Date = 10/27/2008 4:47:18 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 10/27/2008 4:47:18 PM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 12/26/2007 5:56:47 AM | Attr =	]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 12/26/2007 5:56:47 AM | Attr =	]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 10/27/2008 10:01:34 PM | Attr =	]
Perflib_Perfdata_71c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_71c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 10/27/2008 4:50:44 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 8192 bytes | Modified Date = 10/20/2008 10:13:43 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 4279100 bytes | Modified Date = 10/27/2008 4:49:57 PM | Attr =  H ]
EDF%20218%20CASE%20STUDY%20OF%20Joey%20Pletcher.pdf -> %UserProfile%\My Documents\EDF%20218%20CASE%20STUDY%20OF%20Joey%20Pletcher.pdf ->  [Ver =  | Size = 20600 bytes | Modified Date = 10/23/2008 8:23:41 PM | Attr =	]
gaji samsiah.xls -> %UserProfile%\My Documents\gaji samsiah.xls ->  [Ver =  | Size = 16896 bytes | Modified Date = 10/7/2008 7:14:54 AM | Attr =	]
Ifzul Azim is an 11 year old boy lives with his family at Saujana Impian.docx -> %UserProfile%\My Documents\Ifzul Azim is an 11 year old boy lives with his family at Saujana Impian.docx ->  [Ver =  | Size = 11365 bytes | Modified Date = 10/23/2008 8:24:41 PM | Attr =	]
JWPMR2008.pdf -> %UserProfile%\My Documents\JWPMR2008.pdf ->  [Ver =  | Size = 334198 bytes | Modified Date = 10/14/2008 2:07:56 PM | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 696 bytes | Modified Date = 10/26/2008 7:15:09 AM | Attr =	]
Athan.lnk -> %UserProfile%\Desktop\Athan.lnk ->  [Ver =  | Size = 1483 bytes | Modified Date = 9/27/2008 10:19:07 PM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 10/25/2008 11:06:34 PM | Attr =	]
Revo Uninstaller.lnk -> %UserProfile%\Desktop\Revo Uninstaller.lnk ->  [Ver =  | Size = 917 bytes | Modified Date = 10/26/2008 8:00:26 AM | Attr =	]
Shortcut to Virtual Villagers - The Secret City.lnk -> %UserProfile%\Desktop\Shortcut to Virtual Villagers - The Secret City.lnk ->  [Ver =  | Size = 792 bytes | Modified Date = 10/22/2008 8:26:19 AM | Attr =	]
Vopt.lnk -> %UserProfile%\Desktop\Vopt.lnk ->  [Ver =  | Size = 1579 bytes | Modified Date = 9/28/2008 6:59:23 AM | Attr =	]

[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
Application Data -> C:\Documents and Settings\All Users\Application Data ->  [Folder | Modified Date = 10/26/2008 7:15:05 AM | Attr = RH ]
Acronis -> C:\Documents and Settings\All Users\Application Data\Acronis ->  [Folder | Modified Date = 12/26/2007 6:18:36 AM | Attr =	]
Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe ->  [Folder | Modified Date = 3/5/2008 4:14:57 AM | Attr =	]
Avg7 -> C:\Documents and Settings\All Users\Application Data\Avg7 ->  [Folder | Modified Date = 10/26/2008 12:07:21 AM | Attr =	]
CyberLink -> C:\Documents and Settings\All Users\Application Data\CyberLink ->  [Folder | Modified Date = 12/26/2007 5:48:51 AM | Attr =	]
FarmFrenzy2 -> C:\Documents and Settings\All Users\Application Data\FarmFrenzy2 ->  [Folder | Modified Date = 9/3/2008 11:18:26 AM | Attr =	]
Fashion Solitaire 1.2 -> C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2 ->  [Folder | Modified Date = 5/2/2008 7:03:48 AM | Attr =	]
FLEXnet -> C:\Documents and Settings\All Users\Application Data\FLEXnet ->  [Folder | Modified Date = 9/16/2008 7:33:16 PM | Attr =	]
FreshGames -> C:\Documents and Settings\All Users\Application Data\FreshGames ->  [Folder | Modified Date = 8/15/2008 5:32:42 PM | Attr =	]
Fugazo -> C:\Documents and Settings\All Users\Application Data\Fugazo ->  [Folder | Modified Date = 10/18/2008 2:59:02 PM | Attr =	]
GameHouse -> C:\Documents and Settings\All Users\Application Data\GameHouse ->  [Folder | Modified Date = 10/4/2008 4:02:29 PM | Attr =	]
Gogii -> C:\Documents and Settings\All Users\Application Data\Gogii ->  [Folder | Modified Date = 3/29/2008 8:30:40 AM | Attr =	]
Google -> C:\Documents and Settings\All Users\Application Data\Google ->  [Folder | Modified Date = 3/7/2008 10:08:46 AM | Attr =	]
HipSoft -> C:\Documents and Settings\All Users\Application Data\HipSoft ->  [Folder | Modified Date = 5/2/2008 12:43:16 PM | Attr =	]
HP -> C:\Documents and Settings\All Users\Application Data\HP ->  [Folder | Modified Date = 12/26/2007 5:42:26 AM | Attr =	]
iWin -> C:\Documents and Settings\All Users\Application Data\iWin ->  [Folder | Modified Date = 10/7/2008 11:28:51 AM | Attr =	]
JollyBear -> C:\Documents and Settings\All Users\Application Data\JollyBear ->  [Folder | Modified Date = 8/8/2008 5:13:16 PM | Attr =	]
Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft ->  [Folder | Modified Date = 6/12/2008 12:27:28 PM | Attr =	]
Lifetime -> C:\Documents and Settings\All Users\Application Data\Lifetime ->  [Folder | Modified Date = 6/10/2008 2:28:59 PM | Attr =	]
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes ->  [Folder | Modified Date = 10/26/2008 7:15:05 AM | Attr =	]
Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft ->  [Folder | Modified Date = 8/6/2008 1:05:39 AM | Attr =   S]
Microsoft Help -> C:\Documents and Settings\All Users\Application Data\Microsoft Help ->  [Folder | Modified Date = 2/28/2008 2:56:37 PM | Attr =	]
MumboJumbo -> C:\Documents and Settings\All Users\Application Data\MumboJumbo ->  [Folder | Modified Date = 10/5/2008 1:34:44 PM | Attr =	]
MythPeople -> C:\Documents and Settings\All Users\Application Data\MythPeople ->  [Folder | Modified Date = 9/16/2008 12:41:04 AM | Attr =	]
PlayFirst -> C:\Documents and Settings\All Users\Application Data\PlayFirst ->  [Folder | Modified Date = 8/13/2008 12:09:17 AM | Attr =	]
PlayPond -> C:\Documents and Settings\All Users\Application Data\PlayPond ->  [Folder | Modified Date = 5/1/2008 5:15:02 PM | Attr =	]
Playrix Entertainment -> C:\Documents and Settings\All Users\Application Data\Playrix Entertainment ->  [Folder | Modified Date = 9/20/2008 2:56:11 PM | Attr =	]
PopCap -> C:\Documents and Settings\All Users\Application Data\PopCap ->  [Folder | Modified Date = 3/29/2008 8:54:19 AM | Attr =	]
Sandlot Games -> C:\Documents and Settings\All Users\Application Data\Sandlot Games ->  [Folder | Modified Date = 4/29/2008 7:39:02 AM | Attr =	]
Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 10/27/2008 5:38:01 PM | Attr =	]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP ->  [Folder | Modified Date = 9/15/2008 11:30:54 PM | Attr =	]
@Alternate Data Stream - 117 bytes -> %AllUsersProfile%\Application Data\TEMP:0D1FEB5D
@Alternate Data Stream - 125 bytes -> %AllUsersProfile%\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:3D19638E
@Alternate Data Stream - 123 bytes -> %AllUsersProfile%\Application Data\TEMP:47BE4EDF
@Alternate Data Stream - 99 bytes -> %AllUsersProfile%\Application Data\TEMP:4B5CDE9B
@Alternate Data Stream - 117 bytes -> %AllUsersProfile%\Application Data\TEMP:6107567A
@Alternate Data Stream - 123 bytes -> %AllUsersProfile%\Application Data\TEMP:912389B7
@Alternate Data Stream - 99 bytes -> %AllUsersProfile%\Application Data\TEMP:C25C9263
@Alternate Data Stream - 117 bytes -> %AllUsersProfile%\Application Data\TEMP:DB365884
Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage ->  [Folder | Modified Date = 9/1/2008 9:59:22 PM | Attr =	]
Zylom -> C:\Documents and Settings\All Users\Application Data\Zylom ->  [Folder | Modified Date = 10/5/2008 1:27:55 PM | Attr =	]
Application Data -> C:\Documents and Settings\User\Application Data ->  [Folder | Modified Date = 10/26/2008 7:15:10 AM | Attr = RH ]
Adobe -> C:\Documents and Settings\User\Application Data\Adobe ->  [Folder | Modified Date = 3/11/2008 12:01:31 PM | Attr =	]
Ahead -> C:\Documents and Settings\User\Application Data\Ahead ->  [Folder | Modified Date = 12/26/2007 5:47:06 AM | Attr =	]
Ancient Quest of Saqqarah__real -> C:\Documents and Settings\User\Application Data\Ancient Quest of Saqqarah__real ->  [Folder | Modified Date = 9/18/2008 9:41:57 PM | Attr =	]
Bloom -> C:\Documents and Settings\User\Application Data\Bloom ->  [Folder | Modified Date = 3/28/2008 10:37:22 PM | Attr =	]
GameHouse -> C:\Documents and Settings\User\Application Data\GameHouse ->  [Folder | Modified Date = 10/7/2008 9:47:24 AM | Attr =	]
Gamelab -> C:\Documents and Settings\User\Application Data\Gamelab ->  [Folder | Modified Date = 8/15/2008 5:17:43 PM | Attr =	]
GamesCafe -> C:\Documents and Settings\User\Application Data\GamesCafe ->  [Folder | Modified Date = 5/12/2008 4:19:05 PM | Attr =	]
Genimo -> C:\Documents and Settings\User\Application Data\Genimo ->  [Folder | Modified Date = 9/11/2008 10:34:04 AM | Attr =	]
GSplit -> C:\Documents and Settings\User\Application Data\GSplit ->  [Folder | Modified Date = 9/25/2008 11:13:15 PM | Attr =	]
Identities -> C:\Documents and Settings\User\Application Data\Identities ->  [Folder | Modified Date = 12/26/2007 5:31:42 AM | Attr =	]
ITTNord -> C:\Documents and Settings\User\Application Data\ITTNord ->  [Folder | Modified Date = 9/3/2008 11:28:44 AM | Attr =	]
iWin -> C:\Documents and Settings\User\Application Data\iWin ->  [Folder | Modified Date = 10/7/2008 11:28:51 AM | Attr =	]
Jane s Hotel  Family Hero -> C:\Documents and Settings\User\Application Data\Jane s Hotel  Family Hero ->  [Folder | Modified Date = 5/1/2008 5:56:29 PM | Attr =	]
Lavasoft -> C:\Documents and Settings\User\Application Data\Lavasoft ->  [Folder | Modified Date = 4/2/2008 11:40:48 AM | Attr =	]
Macromedia -> C:\Documents and Settings\User\Application Data\Macromedia ->  [Folder | Modified Date = 2/26/2008 4:08:24 AM | Attr =	]
Malwarebytes -> C:\Documents and Settings\User\Application Data\Malwarebytes ->  [Folder | Modified Date = 10/26/2008 7:15:10 AM | Attr =	]
Media Player Classic -> C:\Documents and Settings\User\Application Data\Media Player Classic ->  [Folder | Modified Date = 3/16/2008 4:34:11 AM | Attr =	]
Meridian93 -> C:\Documents and Settings\User\Application Data\Meridian93 ->  [Folder | Modified Date = 7/26/2008 4:26:53 PM | Attr =	]
Microsoft -> C:\Documents and Settings\User\Application Data\Microsoft ->  [Folder | Modified Date = 9/21/2008 8:53:42 PM | Attr =   S]
MindMapper 2008 -> C:\Documents and Settings\User\Application Data\MindMapper 2008 ->  [Folder | Modified Date = 10/23/2008 3:10:13 PM | Attr =	]
Mozilla -> C:\Documents and Settings\User\Application Data\Mozilla ->  [Folder | Modified Date = 3/6/2008 10:24:19 AM | Attr =	]
My Games -> C:\Documents and Settings\User\Application Data\My Games ->  [Folder | Modified Date = 5/1/2008 1:43:43 AM | Attr =	]
PlayFirst -> C:\Documents and Settings\User\Application Data\PlayFirst ->  [Folder | Modified Date = 10/5/2008 12:07:50 AM | Attr =	]
Playrix Entertainment -> C:\Documents and Settings\User\Application Data\Playrix Entertainment ->  [Folder | Modified Date = 7/28/2008 7:33:50 PM | Attr =	]
Real -> C:\Documents and Settings\User\Application Data\Real ->  [Folder | Modified Date = 9/4/2008 12:21:46 AM | Attr =	]
ScummVM -> C:\Documents and Settings\User\Application Data\ScummVM ->  [Folder | Modified Date = 8/1/2008 10:41:09 PM | Attr =	]
Sun -> C:\Documents and Settings\User\Application Data\Sun ->  [Folder | Modified Date = 3/13/2008 3:15:30 PM | Attr =	]
Total Eclipse -> C:\Documents and Settings\User\Application Data\Total Eclipse ->  [Folder | Modified Date = 2/27/2008 9:28:50 AM | Attr =	]
U3 -> C:\Documents and Settings\User\Application Data\U3 ->  [Folder | Modified Date = 2/28/2008 2:35:42 AM | Attr =	]
UNOUndercover -> C:\Documents and Settings\User\Application Data\UNOUndercover ->  [Folder | Modified Date = 7/25/2008 2:30:29 PM | Attr =	]
ViquaSoft -> C:\Documents and Settings\User\Application Data\ViquaSoft ->  [Folder | Modified Date = 9/18/2008 10:04:38 PM | Attr =	]
Winamp -> C:\Documents and Settings\User\Application Data\Winamp ->  [Folder | Modified Date = 5/6/2008 10:26:28 AM | Attr =	]
WinRAR -> C:\Documents and Settings\User\Application Data\WinRAR ->  [Folder | Modified Date = 2/26/2008 3:21:42 PM | Attr =	]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks ->  [Folder | Modified Date = 10/27/2008 5:33:01 PM | Attr =   S]
At1.job -> C:\WINDOWS\Tasks\At1.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:00 PM | Attr =	]
At10.job -> C:\WINDOWS\Tasks\At10.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:00 PM | Attr =	]
At100.job -> C:\WINDOWS\Tasks\At100.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:32:59 PM | Attr =	]
At101.job -> C:\WINDOWS\Tasks\At101.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:32:59 PM | Attr =	]
At102.job -> C:\WINDOWS\Tasks\At102.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:32:59 PM | Attr =	]
At103.job -> C:\WINDOWS\Tasks\At103.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:32:59 PM | Attr =	]
At104.job -> C:\WINDOWS\Tasks\At104.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:32:59 PM | Attr =	]
At105.job -> C:\WINDOWS\Tasks\At105.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:01 PM | Attr =	]
At106.job -> C:\WINDOWS\Tasks\At106.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:01 PM | Attr =	]
At107.job -> C:\WINDOWS\Tasks\At107.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:01 PM | Attr =	]
At108.job -> C:\WINDOWS\Tasks\At108.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:01 PM | Attr =	]
At109.job -> C:\WINDOWS\Tasks\At109.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:01 PM | Attr =	]
At11.job -> C:\WINDOWS\Tasks\At11.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:00 PM | Attr =	]
At110.job -> C:\WINDOWS\Tasks\At110.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:01 PM | Attr =	]
At111.job -> C:\WINDOWS\Tasks\At111.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:01 PM | Attr =	]
At112.job -> C:\WINDOWS\Tasks\At112.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At12.job -> C:\WINDOWS\Tasks\At12.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:00 PM | Attr =	]
At13.job -> C:\WINDOWS\Tasks\At13.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:00 PM | Attr =	]
At14.job -> C:\WINDOWS\Tasks\At14.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:00 PM | Attr =	]
At15.job -> C:\WINDOWS\Tasks\At15.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:01 PM | Attr =	]
At16.job -> C:\WINDOWS\Tasks\At16.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:01 PM | Attr =	]
At17.job -> C:\WINDOWS\Tasks\At17.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:02 PM | Attr =	]
At18.job -> C:\WINDOWS\Tasks\At18.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:04 PM | Attr =	]
At19.job -> C:\WINDOWS\Tasks\At19.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:05 PM | Attr =	]
At2.job -> C:\WINDOWS\Tasks\At2.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:05 PM | Attr =	]
At20.job -> C:\WINDOWS\Tasks\At20.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:05 PM | Attr =	]
At21.job -> C:\WINDOWS\Tasks\At21.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:05 PM | Attr =	]
At22.job -> C:\WINDOWS\Tasks\At22.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:06 PM | Attr =	]
At23.job -> C:\WINDOWS\Tasks\At23.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:07 PM | Attr =	]
At24.job -> C:\WINDOWS\Tasks\At24.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:08 PM | Attr =	]
At25.job -> C:\WINDOWS\Tasks\At25.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:09 PM | Attr =	]
At26.job -> C:\WINDOWS\Tasks\At26.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:11 PM | Attr =	]
At27.job -> C:\WINDOWS\Tasks\At27.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:12 PM | Attr =	]
At28.job -> C:\WINDOWS\Tasks\At28.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:14 PM | Attr =	]
At29.job -> C:\WINDOWS\Tasks\At29.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:15 PM | Attr =	]
At3.job -> C:\WINDOWS\Tasks\At3.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:15 PM | Attr =	]
At30.job -> C:\WINDOWS\Tasks\At30.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:15 PM | Attr =	]
At31.job -> C:\WINDOWS\Tasks\At31.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:16 PM | Attr =	]
At32.job -> C:\WINDOWS\Tasks\At32.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:18 PM | Attr =	]
At33.job -> C:\WINDOWS\Tasks\At33.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:20 PM | Attr =	]
At34.job -> C:\WINDOWS\Tasks\At34.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:22 PM | Attr =	]
At35.job -> C:\WINDOWS\Tasks\At35.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:32 PM | Attr =	]
At36.job -> C:\WINDOWS\Tasks\At36.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:33 PM | Attr =	]
At37.job -> C:\WINDOWS\Tasks\At37.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:40 PM | Attr =	]
At38.job -> C:\WINDOWS\Tasks\At38.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:44 PM | Attr =	]
At39.job -> C:\WINDOWS\Tasks\At39.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:44 PM | Attr =	]
At4.job -> C:\WINDOWS\Tasks\At4.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:44 PM | Attr =	]
At40.job -> C:\WINDOWS\Tasks\At40.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:44 PM | Attr =	]
At41.job -> C:\WINDOWS\Tasks\At41.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:44 PM | Attr =	]
At42.job -> C:\WINDOWS\Tasks\At42.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:44 PM | Attr =	]
At43.job -> C:\WINDOWS\Tasks\At43.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:44 PM | Attr =	]
At44.job -> C:\WINDOWS\Tasks\At44.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:44 PM | Attr =	]
At45.job -> C:\WINDOWS\Tasks\At45.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:45 PM | Attr =	]
At46.job -> C:\WINDOWS\Tasks\At46.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:45 PM | Attr =	]
At47.job -> C:\WINDOWS\Tasks\At47.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:46 PM | Attr =	]
At48.job -> C:\WINDOWS\Tasks\At48.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:47 PM | Attr =	]
At49.job -> C:\WINDOWS\Tasks\At49.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:47 PM | Attr =	]
At5.job -> C:\WINDOWS\Tasks\At5.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:48 PM | Attr =	]
At50.job -> C:\WINDOWS\Tasks\At50.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:51 PM | Attr =	]
At51.job -> C:\WINDOWS\Tasks\At51.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:30:53 PM | Attr =	]
At52.job -> C:\WINDOWS\Tasks\At52.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:31:03 PM | Attr =	]
At53.job -> C:\WINDOWS\Tasks\At53.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:31:09 PM | Attr =	]
At54.job -> C:\WINDOWS\Tasks\At54.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:31:18 PM | Attr =	]
At55.job -> C:\WINDOWS\Tasks\At55.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:31:22 PM | Attr =	]
At56.job -> C:\WINDOWS\Tasks\At56.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:31:22 PM | Attr =	]
At57.job -> C:\WINDOWS\Tasks\At57.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At58.job -> C:\WINDOWS\Tasks\At58.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At59.job -> C:\WINDOWS\Tasks\At59.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At6.job -> C:\WINDOWS\Tasks\At6.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:31:23 PM | Attr =	]
At60.job -> C:\WINDOWS\Tasks\At60.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At61.job -> C:\WINDOWS\Tasks\At61.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At62.job -> C:\WINDOWS\Tasks\At62.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At63.job -> C:\WINDOWS\Tasks\At63.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At64.job -> C:\WINDOWS\Tasks\At64.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At65.job -> C:\WINDOWS\Tasks\At65.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At66.job -> C:\WINDOWS\Tasks\At66.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At67.job -> C:\WINDOWS\Tasks\At67.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At68.job -> C:\WINDOWS\Tasks\At68.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At69.job -> C:\WINDOWS\Tasks\At69.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At7.job -> C:\WINDOWS\Tasks\At7.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:31:23 PM | Attr =	]
At70.job -> C:\WINDOWS\Tasks\At70.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At71.job -> C:\WINDOWS\Tasks\At71.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At72.job -> C:\WINDOWS\Tasks\At72.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At73.job -> C:\WINDOWS\Tasks\At73.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At74.job -> C:\WINDOWS\Tasks\At74.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At75.job -> C:\WINDOWS\Tasks\At75.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At76.job -> C:\WINDOWS\Tasks\At76.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At77.job -> C:\WINDOWS\Tasks\At77.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At78.job -> C:\WINDOWS\Tasks\At78.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At79.job -> C:\WINDOWS\Tasks\At79.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At8.job -> C:\WINDOWS\Tasks\At8.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:31:24 PM | Attr =	]
At80.job -> C:\WINDOWS\Tasks\At80.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:31:31 PM | Attr =	]
At81.job -> C:\WINDOWS\Tasks\At81.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:32:54 PM | Attr =	]
At82.job -> C:\WINDOWS\Tasks\At82.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:32:56 PM | Attr =	]
At83.job -> C:\WINDOWS\Tasks\At83.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:32:56 PM | Attr =	]
At84.job -> C:\WINDOWS\Tasks\At84.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:32:56 PM | Attr =	]
At85.job -> C:\WINDOWS\Tasks\At85.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:32:57 PM | Attr =	]
At86.job -> C:\WINDOWS\Tasks\At86.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At87.job -> C:\WINDOWS\Tasks\At87.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At88.job -> C:\WINDOWS\Tasks\At88.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At89.job -> C:\WINDOWS\Tasks\At89.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At9.job -> C:\WINDOWS\Tasks\At9.job ->  [Ver =  | Size = 362 bytes | Modified Date = 10/27/2008 5:31:24 PM | Attr =	]
At90.job -> C:\WINDOWS\Tasks\At90.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At91.job -> C:\WINDOWS\Tasks\At91.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At92.job -> C:\WINDOWS\Tasks\At92.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At93.job -> C:\WINDOWS\Tasks\At93.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At94.job -> C:\WINDOWS\Tasks\At94.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At95.job -> C:\WINDOWS\Tasks\At95.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At96.job -> C:\WINDOWS\Tasks\At96.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At97.job -> C:\WINDOWS\Tasks\At97.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At98.job -> C:\WINDOWS\Tasks\At98.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
At99.job -> C:\WINDOWS\Tasks\At99.job ->  [Ver =  | Size = 332 bytes | Modified Date = 10/27/2008 5:33:02 PM | Attr =	]
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini ->  [Ver =  | Size = 65 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = RH ]
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 10/27/2008 4:50:44 PM | Attr =  H ]
[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2A441CBF-B29F-A895-03E6-342DE6DBA17B}]
"iaecgnoodmkpnccmch"=hex:6a,61,70,6d,62,6a,65,63,66,61,62,6c,67,63,65,6f,6a,63,6d,63,00,..
"haobdaalnhbgcjdg"=hex:6a,61,70,6d,62,6a,65,63,66,61,62,6c,67,63,65,6f,6a,63,6d,63,00,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C32D1C79-B995-DA62-6EA9-54892CDED718}]
"iaijlibblbmkookdgf"=hex:6a,61,62,6d,67,6a,61,6c,6c,6d,6c,6f,70,65,63,6f,66,63,69,6d,00,..
"haojfdoedkdpfnmo"=hex:6a,61,62,6d,67,6a,61,6c,6d,6d,6b,6f,6d,65,70,64,61,6c,65,69,00,..
scanning hidden files ...
C:\WINDOWS\SHELLNEW\Thumbs.db:encryptable 0 bytes
C:\WINDOWS\system32\Thumbs.db:encryptable 0 bytes
C:\WINDOWS\Thumbs.db:encryptable 0 bytes
C:\WINDOWS\Web\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:0D1FEB5D 117 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC 125 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:3D19638E 104 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:47BE4EDF 123 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:4B5CDE9B 99 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:6107567A 117 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:912389B7 123 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:C25C9263 99 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:DB365884 117 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\User\Application Data\GameHouse\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\User\Application Data\Microsoft\Templates\Document Themes\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\User\Favorites\27,000 Baby Names, From Baby to Bobbi, Meanings and Origins at Baby Names World.url:favicon 894 bytes
C:\Documents and Settings\User\Favorites\Abang\Exploratory research - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\User\Favorites\Abang\Kelvin Knot, How To Tie a Kelvin Knot, Kelvin Knot Steps  2TieATie.com.url:favicon 1150 bytes
C:\Documents and Settings\User\Favorites\Abang\Online Rorschach Test Results.url:favicon 318 bytes
C:\Documents and Settings\User\Favorites\Abang\Theory of cognitive development - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\User\Favorites\Abang\Validity (statistics) - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\User\Favorites\Andorra\Andorra - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\User\Favorites\Andorra\Carla Bruni Biography, Profile, Filmography, Discography and more....url:favicon 3638 bytes
C:\Documents and Settings\User\Favorites\Andorra\lifespan development and lifelong learning.url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Andorra\NationMaster - Andorran People statistics.url:favicon 1366 bytes
C:\Documents and Settings\User\Favorites\Baby Boy Names, From Braxton to Brooke, Meanings and Origins at Baby Names World.url:favicon 894 bytes
C:\Documents and Settings\User\Favorites\Brazil\brazil Delivery Boy Newshounds Show Life in Sao Paulo.url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Brazil\Brazil People.url:favicon 318 bytes
C:\Documents and Settings\User\Favorites\Brazil\Brazilian People and Colors - Hip Brazil Everything Brazil.url:favicon 318 bytes
C:\Documents and Settings\User\Favorites\Brazil\NationMaster - Brazilian People statistics.url:favicon 1366 bytes
C:\Documents and Settings\User\Favorites\Double Click C Drive at My Computer And Not Opening Fix » Raymond.CC Blog.url:favicon 3638 bytes
C:\Documents and Settings\User\Favorites\Email\---Welcome to TMnet Webmail---.url:favicon 25214 bytes
C:\Documents and Settings\User\Favorites\Email\Hotmail.url:favicon 1150 bytes
C:\Documents and Settings\User\Favorites\Email\Sign in to Yahoo UK!.url:favicon 6598 bytes
C:\Documents and Settings\User\Favorites\Email\TM Net - WEBMAIL Login.url:favicon 25214 bytes
C:\Documents and Settings\User\Favorites\Email\Welcome to Gmail.url:favicon 1150 bytes
C:\Documents and Settings\User\Favorites\Entertainment\Lirik\Song Lyrics  Lirik Lagu Artis Indonesia, Melayu, Nasyid, Singapura, Mandarin, Raya, Malaysia.url:favicon 1150 bytes
C:\Documents and Settings\User\Favorites\Entertainment\Movies\Cinema Online, Malaysia's most comprehensive cinema and movie resource.url:favicon 894 bytes
C:\Documents and Settings\User\Favorites\Entertainment\Movies\Free Movie Only Search results for narnia.url:favicon 3638 bytes
C:\Documents and Settings\User\Favorites\Entertainment\Movies\Latest Release Date Movies - Watch Movies Online For Free Full Movie Downloads.url:favicon 894 bytes
C:\Documents and Settings\User\Favorites\Entertainment\Movies\Watch Movies Online For Free Full Movie Downloads.url:favicon 894 bytes
C:\Documents and Settings\User\Favorites\Entertainment\MP3\JIWANG.ORG.url:favicon 1150 bytes
C:\Documents and Settings\User\Favorites\Entertainment\MP3\LAGU TOP MASA KINI.url:favicon 3638 bytes
C:\Documents and Settings\User\Favorites\Entertainment\MP3\The Cover Girls - Wishing on a Star - eSnips, share anything.url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Entertainment\MP3\The Gr8est MP3s In Town.url:favicon 1150 bytes
C:\Documents and Settings\User\Favorites\Entertainment\Nokia 3110c Games\Download Nokia 3110 Classic Games - Free Java Games from MobileRated.url:favicon 3638 bytes
C:\Documents and Settings\User\Favorites\Entertainment\TV shows\All About Heroes 2 Heroes 2 Episode 10.url:favicon 3638 bytes
C:\Documents and Settings\User\Favorites\Entertainment\TV shows\Desperate Housewives.url:favicon 2550 bytes
C:\Documents and Settings\User\Favorites\Entertainment\TV shows\Fanpop - What are you a fan of.url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Entertainment\TV shows\Heroes.url:favicon 2550 bytes
C:\Documents and Settings\User\Favorites\Entertainment\TV shows\TV Shows.url:favicon 894 bytes
C:\Documents and Settings\User\Favorites\Entertainment\TV shows\TV-Video.url:favicon 1150 bytes
C:\Documents and Settings\User\Favorites\Entertainment\TV shows\Watch TV Sitcoms.Com Home.url:favicon 2550 bytes
C:\Documents and Settings\User\Favorites\FileShare  JIWANG! Download Lagu Malaysia Indonesia SUPer Efficient Defragmentor Software in no time, Software.url:favicon 1150 bytes
C:\Documents and Settings\User\Favorites\Games\Esnips.url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Games\All Games - Freeware Game Downloads -.url:favicon 1150 bytes
C:\Documents and Settings\User\Favorites\Games\CrackDB.com.url:favicon 5430 bytes
C:\Documents and Settings\User\Favorites\Games\DarkForum DarkForum - Games & Cracks -.url:favicon 2862 bytes
C:\Documents and Settings\User\Favorites\Games\Farm Frenzy 2.url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Games\Fashion Boutique Hints, Tips and Tricks - Pozirk Games.url:favicon 766 bytes
C:\Documents and Settings\User\Favorites\Games\Fashion Boutique Tips & Tricks - Gamezebo.com.url:favicon 2550 bytes
C:\Documents and Settings\User\Favorites\Games\Free Online Games - GameGecko.com.url:favicon 894 bytes
C:\Documents and Settings\User\Favorites\Games\GameCopyWorld - Mirrors.url:favicon 318 bytes
C:\Documents and Settings\User\Favorites\Games\gamefaqs Luxor (PC) FAQ-Walkthrough by Josantium.url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Games\Games - Download Rapidshare Movies, Games, Videos, Music, & Appz..url:favicon 1150 bytes
C:\Documents and Settings\User\Favorites\Games\Games to download\5 Days A Stranger Screenshot - 1.url:favicon 894 bytes
C:\Documents and Settings\User\Favorites\Games\GG E-Sports Platform --- by Gamers, for Gamers GG ClientDotALan GameOnline GameWarcraftGame.url:favicon 23558 bytes
C:\Documents and Settings\User\Favorites\Games\List GameHouse Serial Number.url:favicon 3638 bytes
C:\Documents and Settings\User\Favorites\Games\Oberon Games.url:favicon 22486 bytes
C:\Documents and Settings\User\Favorites\Games\Register member » Full Software Downloads - Download For All.url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Games\rooms The Main Building walkthrough, review, discussion, hints and tips at Jay is Games.url:favicon 3638 bytes
C:\Documents and Settings\User\Favorites\Games\Strategy Games  Game Downloads at Logler.com.url:favicon 894 bytes
C:\Documents and Settings\User\Favorites\Japanese Baby Names for Boys - N.url:favicon 1150 bytes
C:\Documents and Settings\User\Favorites\Japanese Baby Names for Girls - N.url:favicon 1150 bytes
C:\Documents and Settings\User\Favorites\Kamus\Citcat.url:favicon 3638 bytes
C:\Documents and Settings\User\Favorites\Kamus\Dictionary and Thesaurus - Merriam-Webster Online.url:favicon 1150 bytes
C:\Documents and Settings\User\Favorites\Kamus\Glossary of Legal Terms.url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Law\Contract\Contract Cases\Lau v Hargill Engineering Sdn Bhd [FC].url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Law\Contract\Contract Cases\Standard Chartered Bank v Kuala Lumpur Landmark Sdn Bhd [HCM].url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Law\Contract\Contract Cases\Associated Pan Malaysia Cement Sdn Bhd v Syarikat Teknikal & Kejuruteraan Sdn Bhd [SCM].url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Law\Contract\Contract Cases\contents of contract.url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Law\Contract\Contract Cases\Coramas Sdn Bhd v Rakyat First Merchant Bankers Bhd [SCM].url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Law\Contract\Contract Cases\goldsworthy v. brickell - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Law\Contract\Contract Cases\Lebbey Sdn Bhd v Tan Keng Hong [HC].url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Law\Contract\Contract Cases\Lister v Romford Ice & Cold Storage.url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Law\Contract\Contract Cases\Mistake.url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Law\Contract\Contract Cases\Nallammal v Karuppanan [HCM].url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Law\Contract\Contract Cases\Oh Hiam v Tham Kong [PC].url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Law\Contract\Contract Cases\Polygram Records Sdn Bhd v The Search [HCM].url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Law\Contract\Contract Cases\Tan Chong & Sons Motor Co Sdn Bhd v McKnight [FCM].url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Law\Contract\Contract Cases\The Law of Contract -Summarised.url:favicon 6598 bytes
C:\Documents and Settings\User\Favorites\Law\Contract\Contract Cases\Yong & Co v Wee Hood Teck Development Corporation [FCM].url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Law\Contract\Contract Cases\Yuson Bien v Bankers Trust Co Ltd [FC].url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Law\Equity & Trust\Anyone up for this THE COMMON LAW AND EQUITY - Legal Banter.url:favicon 10134 bytes
C:\Documents and Settings\User\Favorites\Law\Equity & Trust\Charitable Trust.url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Law\Equity & Trust\Conditional Gifts and Freedom of Testation Time for a Review - [2001] WkoLRev 2; 9 Waikato Law Review 24.url:favicon 894 bytes
C:\Documents and Settings\User\Favorites\Law\Equity & Trust\Example Zoom search template page.url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Law\Equity & Trust\Lawlink NSW 7. Property Disputes Between De Facto Partners.url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Law\Equity & Trust\Liew v Fork [HCM].url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Law\Equity & Trust\Review Essay Trends in Contemporary Trust Law by A Oakley - [1998] SydLRev 15; (1998) 20 Sydney Law Review 348.url:favicon 894 bytes
C:\Documents and Settings\User\Favorites\Law\Equity & Trust\Topic4 - Consideration & Promissory Estoppel.url:favicon 894 bytes
C:\Documents and Settings\User\Favorites\Law\Misc\Journal of Malaysian and Comparative Law.url:favicon 894 bytes
C:\Documents and Settings\User\Favorites\Law\Misc\LexisNexis Enterprise Solutions.url:favicon 15086 bytes
C:\Documents and Settings\User\Favorites\Law\Misc\Pearson Education - Student Resources.url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Law\Misc\UM Life - Faculty of Law.url:favicon 7622 bytes
C:\Documents and Settings\User\Favorites\Law\Tort\The Legal Duty of Care -the law of torts.url:favicon 6598 bytes
C:\Documents and Settings\User\Favorites\Links\AllULook4.com  We Have Everything You Are Looking For.url:favicon 990 bytes
C:\Documents and Settings\User\Favorites\Links\Astalavista.MS Forum  Log in.url:favicon 2550 bytes
C:\Documents and Settings\User\Favorites\Links\AVG Free - Download installation files & documentation.url:favicon 9062 bytes
C:\Documents and Settings\User\Favorites\Links\BleepingComputer.com - Computer Help Forums.url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Links\Geeks to Go! Tech experts answer your questions!.url:favicon 22486 bytes
C:\Documents and Settings\User\Favorites\Links\Home - Rapidshare Full Downloads - Freshwap.url:favicon 1150 bytes
C:\Documents and Settings\User\Favorites\Links\HP Deskjet Software-Driver Full Feature for USB HP Deskjet 5160 Printer.url:favicon 766 bytes
C:\Documents and Settings\User\Favorites\Links\Stock Photography - Search 2 Million Stock Photos, Stock Footage Video Clips, Royalty Free Imag.url:favicon 318 bytes
C:\Documents and Settings\User\Favorites\Links\Where is the Run command on Windows Start Menu - Ask Leo!.url:favicon 3638 bytes
C:\Documents and Settings\User\Favorites\Lowyat.NET - Autorun.bg Worm & Live & Let Die.url:favicon 1150 bytes
C:\Documents and Settings\User\Favorites\Microsoft Web Sites\Design slides - Templates - Microsoft Office Online.url:favicon 2862 bytes
C:\Documents and Settings\User\Favorites\PC Hell Registry Editor Has Been Disabled By Your Administrator - Fix.url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Reflexology foot map - Dorling Kindersley.url:favicon 894 bytes
C:\Documents and Settings\User\Favorites\Reflexology hand map - Dorling Kindersley.url:favicon 894 bytes
C:\Documents and Settings\User\Favorites\Softwares\Adobe - Download Acrobat 8 Professional.url:favicon 1150 bytes
C:\Documents and Settings\User\Favorites\Softwares\Contact HP.url:favicon 766 bytes
C:\Documents and Settings\User\Favorites\Softwares\MindMapper Pro 2008 v6.0.0.1824 - DesiWareZ.net ForumZ.url:favicon 830 bytes
C:\Documents and Settings\User\Favorites\Softwares\PC World - PC World Downloads - Conference Recorder.url:favicon 3638 bytes
C:\Documents and Settings\User\Favorites\Why can't I enable the Run command - Ask Leo!.url:favicon 3638 bytes
C:\Documents and Settings\User\Favorites\You Must Read This Before Posting A Hijackthis Log - Geeks to Go!.url:favicon 22486 bytes
C:\Documents and Settings\User\Favorites\Zie\Fariz's FotoPage - Fotopages.com.url:favicon 1406 bytes
C:\Documents and Settings\User\Favorites\Zie\http--www.box.net-.url:favicon 3638 bytes
C:\Documents and Settings\User\Favorites\Zie\stileproject.com.url:favicon 824 bytes
C:\Documents and Settings\User\Local Settings\Application Data\SimTech\MindMapper 2008\v2008\TemplateMaps\Images\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\User\My Documents\My Pictures\Microsoft Clip Organizer\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\User\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\User\My Documents\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 132

< End of report >

Thanking you in advance.

#4 kahdah

  • Security Colleague

Posted 27 October 2008 - 07:52 PM

Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind -> 1
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFileMenu -> 1
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSetting -> 1
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRun -> 1
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1
< Drives with AutoRun files > -> 
NY -> autorun.inf [[autorun] | shellexecute=wscript.exe Mc~.vbe | ] -> D:\autorun.inf [ NTFS ]
[Files/Folders - Created Within 30 days]
NY -> At1.job -> %SystemRoot%\tasks\At1.job
NY -> At10.job -> %SystemRoot%\tasks\At10.job
NY -> At100.job -> %SystemRoot%\tasks\At100.job
NY -> At101.job -> %SystemRoot%\tasks\At101.job
NY -> At102.job -> %SystemRoot%\tasks\At102.job
NY -> At103.job -> %SystemRoot%\tasks\At103.job
NY -> At104.job -> %SystemRoot%\tasks\At104.job
NY -> At105.job -> %SystemRoot%\tasks\At105.job
NY -> At106.job -> %SystemRoot%\tasks\At106.job
NY -> At107.job -> %SystemRoot%\tasks\At107.job
NY -> At108.job -> %SystemRoot%\tasks\At108.job
NY -> At109.job -> %SystemRoot%\tasks\At109.job
NY -> At11.job -> %SystemRoot%\tasks\At11.job
NY -> At110.job -> %SystemRoot%\tasks\At110.job
NY -> At111.job -> %SystemRoot%\tasks\At111.job
NY -> At112.job -> %SystemRoot%\tasks\At112.job
NY -> At12.job -> %SystemRoot%\tasks\At12.job
NY -> At13.job -> %SystemRoot%\tasks\At13.job
NY -> At14.job -> %SystemRoot%\tasks\At14.job
NY -> At15.job -> %SystemRoot%\tasks\At15.job
NY -> At16.job -> %SystemRoot%\tasks\At16.job
NY -> At17.job -> %SystemRoot%\tasks\At17.job
NY -> At18.job -> %SystemRoot%\tasks\At18.job
NY -> At19.job -> %SystemRoot%\tasks\At19.job
NY -> At2.job -> %SystemRoot%\tasks\At2.job
NY -> At20.job -> %SystemRoot%\tasks\At20.job
NY -> At21.job -> %SystemRoot%\tasks\At21.job
NY -> At22.job -> %SystemRoot%\tasks\At22.job
NY -> At23.job -> %SystemRoot%\tasks\At23.job
NY -> At24.job -> %SystemRoot%\tasks\At24.job
NY -> At25.job -> %SystemRoot%\tasks\At25.job
NY -> At26.job -> %SystemRoot%\tasks\At26.job
NY -> At27.job -> %SystemRoot%\tasks\At27.job
NY -> At28.job -> %SystemRoot%\tasks\At28.job
NY -> At29.job -> %SystemRoot%\tasks\At29.job
NY -> At3.job -> %SystemRoot%\tasks\At3.job
NY -> At30.job -> %SystemRoot%\tasks\At30.job
NY -> At31.job -> %SystemRoot%\tasks\At31.job
NY -> At32.job -> %SystemRoot%\tasks\At32.job
NY -> At33.job -> %SystemRoot%\tasks\At33.job
NY -> At34.job -> %SystemRoot%\tasks\At34.job
NY -> At35.job -> %SystemRoot%\tasks\At35.job
NY -> At36.job -> %SystemRoot%\tasks\At36.job
NY -> At37.job -> %SystemRoot%\tasks\At37.job
NY -> At38.job -> %SystemRoot%\tasks\At38.job
NY -> At39.job -> %SystemRoot%\tasks\At39.job
NY -> At4.job -> %SystemRoot%\tasks\At4.job
NY -> At40.job -> %SystemRoot%\tasks\At40.job
NY -> At41.job -> %SystemRoot%\tasks\At41.job
NY -> At42.job -> %SystemRoot%\tasks\At42.job
NY -> At43.job -> %SystemRoot%\tasks\At43.job
NY -> At44.job -> %SystemRoot%\tasks\At44.job
NY -> At45.job -> %SystemRoot%\tasks\At45.job
NY -> At46.job -> %SystemRoot%\tasks\At46.job
NY -> At47.job -> %SystemRoot%\tasks\At47.job
NY -> At48.job -> %SystemRoot%\tasks\At48.job
NY -> At49.job -> %SystemRoot%\tasks\At49.job
NY -> At5.job -> %SystemRoot%\tasks\At5.job
NY -> At50.job -> %SystemRoot%\tasks\At50.job
NY -> At51.job -> %SystemRoot%\tasks\At51.job
NY -> At52.job -> %SystemRoot%\tasks\At52.job
NY -> At53.job -> %SystemRoot%\tasks\At53.job
NY -> At54.job -> %SystemRoot%\tasks\At54.job
NY -> At55.job -> %SystemRoot%\tasks\At55.job
NY -> At56.job -> %SystemRoot%\tasks\At56.job
NY -> At57.job -> %SystemRoot%\tasks\At57.job
NY -> At58.job -> %SystemRoot%\tasks\At58.job
NY -> At59.job -> %SystemRoot%\tasks\At59.job
NY -> At6.job -> %SystemRoot%\tasks\At6.job
NY -> At60.job -> %SystemRoot%\tasks\At60.job
NY -> At61.job -> %SystemRoot%\tasks\At61.job
NY -> At62.job -> %SystemRoot%\tasks\At62.job
NY -> At63.job -> %SystemRoot%\tasks\At63.job
NY -> At64.job -> %SystemRoot%\tasks\At64.job
NY -> At65.job -> %SystemRoot%\tasks\At65.job
NY -> At66.job -> %SystemRoot%\tasks\At66.job
NY -> At67.job -> %SystemRoot%\tasks\At67.job
NY -> At68.job -> %SystemRoot%\tasks\At68.job
NY -> At69.job -> %SystemRoot%\tasks\At69.job
NY -> At7.job -> %SystemRoot%\tasks\At7.job
NY -> At70.job -> %SystemRoot%\tasks\At70.job
NY -> At71.job -> %SystemRoot%\tasks\At71.job
NY -> At72.job -> %SystemRoot%\tasks\At72.job
NY -> At73.job -> %SystemRoot%\tasks\At73.job
NY -> At74.job -> %SystemRoot%\tasks\At74.job
NY -> At75.job -> %SystemRoot%\tasks\At75.job
NY -> At76.job -> %SystemRoot%\tasks\At76.job
NY -> At77.job -> %SystemRoot%\tasks\At77.job
NY -> At78.job -> %SystemRoot%\tasks\At78.job
NY -> At79.job -> %SystemRoot%\tasks\At79.job
NY -> At8.job -> %SystemRoot%\tasks\At8.job
NY -> At80.job -> %SystemRoot%\tasks\At80.job
NY -> At81.job -> %SystemRoot%\tasks\At81.job
NY -> At82.job -> %SystemRoot%\tasks\At82.job
NY -> At83.job -> %SystemRoot%\tasks\At83.job
NY -> At84.job -> %SystemRoot%\tasks\At84.job
NY -> At85.job -> %SystemRoot%\tasks\At85.job
NY -> At86.job -> %SystemRoot%\tasks\At86.job
NY -> At87.job -> %SystemRoot%\tasks\At87.job
NY -> At88.job -> %SystemRoot%\tasks\At88.job
NY -> At89.job -> %SystemRoot%\tasks\At89.job
NY -> At9.job -> %SystemRoot%\tasks\At9.job
NY -> At90.job -> %SystemRoot%\tasks\At90.job
NY -> At91.job -> %SystemRoot%\tasks\At91.job
NY -> At92.job -> %SystemRoot%\tasks\At92.job
NY -> At93.job -> %SystemRoot%\tasks\At93.job
NY -> At94.job -> %SystemRoot%\tasks\At94.job
NY -> At95.job -> %SystemRoot%\tasks\At95.job
NY -> At96.job -> %SystemRoot%\tasks\At96.job
NY -> At97.job -> %SystemRoot%\tasks\At97.job
NY -> At98.job -> %SystemRoot%\tasks\At98.job
NY -> At99.job -> %SystemRoot%\tasks\At99.job
[Files/Folders - Modified Within 30 days]
[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed, either a message box will pop up telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that information back here.
I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 sheegirl

Posted 28 October 2008 - 03:09 AM

OTScanIt was unable to continue fixing, as the system hung (not responding) at the job below:

NY -> At110.job -> %SystemRoot%\tasks\At110.job

What shall I do next?

#6 kahdah

Posted 28 October 2008 - 04:45 AM

Go to Start > Run, then type this in the Run box: tasks. That will open the Tasks folder; delete all of the .job files that you see present.

After that, please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
==================================================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


#7 sheegirl

Posted 28 October 2008 - 05:17 AM

What if the 'Run' command is missing from Start? (One of the problems I'm facing.) :thumbsup:

#8 kahdah

Posted 28 October 2008 - 05:18 AM

Please then proceed with MalwareBytes; it will return that function, and then delete the files as instructed in my previous post.

#9 sheegirl

Posted 28 October 2008 - 05:28 AM

Here is the Malwarebytes' log:

Malwarebytes' Anti-Malware 1.30
Database version: 1331
Windows 5.1.2600 Service Pack 3

10/28/2008 6:19:21 PM
mbam-log-2008-10-28 (18-19-21).txt

Scan type: Quick Scan
Objects scanned: 40387
Time elapsed: 2 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


RSIT info.txt:

info.txt logfile of random's system information tool 1.04 2008-10-28 18:24:45

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\setup.exe" -l0x9 anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 8.1.2 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Athan Basic 3.4-->C:\WINDOWS\iun6002.exe "C:\Program Files\Azan\irunin.ini"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -Iwis30B5a.INF
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5047&SUBSYS_1179FF31\HXFSETUP.EXE -U -IBD1HDAm.inf
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
hp deskjet 5100-->msiexec /x{15C165F1-1DAE-4476-AFB6-8723729B41E7}
HP Driver Diagnostics-->MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Quick Launch Buttons 6.10 B9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe" -l0x9 -removeonly uninst
Install Creator-->C:\Program Files\Install Creator\Uninstal.exe
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Mega Codec Pack 2.2.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
L&H TTS3000 British English-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSENG.inf, Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MIKSOFT Mobile AMR converter-->"C:\Program Files\MIKSOFT\Mobile AMR converter\unins000.exe"
MindMapper 2008-->C:\Program Files\InstallShield Installation Information\{232E984E-F02D-4DAE-80F4-97884EC52F16}\setup.exe -runfromtemp -l0x0009 -removeonly
Mobile Connect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Pageant Princess-->MsiExec.exe /X{C150B05D-6051-4BF7-A0D6-4E471232D5CE}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
RealArcade-->C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
Revo Uninstaller 1.75-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Visual MP3 Splitter & Joiner 6.0-->"C:\Program Files\Visual MP3 Splitter & Joiner\unins000.exe"
Vopt 8.18-->C:\PROGRA~1\Vopt8\UNWISE.EXE C:\PROGRA~1\Vopt8\INSTALL.LOG
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O4 - HKLM\..\Run: [vr64] C:\WINDOWS\system32\prnjobt.vbe
O4 - HKLM\..\Run: [vr64] C:\WINDOWS\system32\prnjobt.vbe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081027-1]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VERSION"=2.1.5
"SESSIONID"=1211898791120g1u0355c.austin.hp.com264c33b:11a2acb3e36:1e73
"COLLECTIONID"=COL7299
"ITEMID"=oj-21918-1
"UPDATEDIR"=C:\DOCUME~1\User\LOCALS~1\Temp\rad92C51.tmp
"TOOLPATH"=/C:/Program%20Files/Hewlett-Packard/HP%20Software%20Update/install.htm
"HMSERVER"=https://vausnzisprob.austin.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.18.30716
"OSVER"=winXPP
"LANG"=1033
"TIMEOUT"=0

-----------------EOF-----------------

RSIT log.txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by User at 2008-10-28 18:24:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 38 GB (74%) free of 51 GB
Total RAM: 1014 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:43 PM, on 10/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Azan\Athan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Athan] C:\Program Files\Azan\Athan.exe
O4 - HKLM\..\Run: [muBlinder] D:\Softwares\muBlinder\muBlinder.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://www.gamehouse.com/realarcade-webgam.../DoggieDash.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/realarcade-webgam...mjolauncher.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://www.gamehouse.com/realarcade-webgam...BGamePlayer.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/realarcade-webgam...zylomplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B2F03B3-F73C-40F0-9138-D37213519A59}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\User\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

--
End of file - 10288 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-11 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-11 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-04-17 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-04-17 155648]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-04-17 131072]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-11-07 159744]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2006-04-12 102400]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2005-02-09 159744]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-26 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2006-01-13 188416]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-12 39792]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-12 623992]
""= []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-04-02 36352]
"Athan"=C:\Program Files\Azan\Athan.exe [2008-08-18 1069056]
"muBlinder"=D:\Softwares\muBlinder\muBlinder.exe [2008-10-08 1463808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-10 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-12-09 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2008-01-12 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2007-05-11 738968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-04-17 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-10-27 200064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"NoFolderOptions"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0
"HideRunAsVerb"=0
"NoTrayContextMenu"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFolderOptions"=
"NoDriveTypeAutoRun"=
"NoFind"=
"NoTrayContextMenu"=
"NoSaveSetting"=
"HideRunAsVerb"=
"InternetOpenWith"=
"NoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\mshta.exe"="C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft ® HTML Application host"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mc~.vbe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mc~.vbe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b59fe68-a32c-11dd-af41-0013e8eb6399}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mc~.vbe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cf2246b-09ef-11dd-aed5-0013e8eb6399}]
shell\Auto\command - MicrosoftPowerPoint.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{835ced0e-0680-11dd-aed3-0013e8eb6399}]
shell\Auto\command - E:\MicrosoftPowerPoint.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b21d4eb5-01c2-11dd-aecd-0013e8eb6399}]
shell\AutoRun\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ipse32.exe
shell\open\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ipse32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5b7db83-9b1c-11dd-af32-0013e8eb6399}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mc~.vbe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{daddcccc-09f2-11dd-aed6-0013e8eb6399}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{daddccce-09f2-11dd-aed6-0013e8eb6399}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fea29af0-e3d9-11dc-aea5-001e370a1025}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mc~.vbe


======List of files/folders created in the last 1 months======

2008-10-28 18:24:39 ----D---- C:\rsit
2008-10-27 16:30:08 ----D---- C:\WINDOWS\Prefetch
2008-10-27 16:22:50 ----D---- C:\WINDOWS\system32\scripting
2008-10-27 16:22:50 ----D---- C:\WINDOWS\l2schemas
2008-10-27 16:22:49 ----D---- C:\WINDOWS\system32\en
2008-10-27 16:22:49 ----D---- C:\WINDOWS\system32\bits
2008-10-27 16:19:01 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-27 16:17:21 ----D---- C:\WINDOWS\network diagnostic
2008-10-27 16:13:52 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-26 07:15:10 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-10-26 07:15:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-26 07:15:05 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-26 07:07:46 ----D---- C:\WINDOWS\ERDNT
2008-10-26 07:06:30 ----D---- C:\Program Files\ERUNT
2008-10-25 23:06:34 ----D---- C:\Program Files\Trend Micro
2008-10-25 20:55:10 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-10-18 14:59:02 ----D---- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-10-07 11:28:51 ----D---- C:\Documents and Settings\User\Application Data\iWin
2008-10-07 11:28:51 ----D---- C:\Documents and Settings\All Users\Application Data\iWin
2008-10-07 09:43:37 ----D---- C:\Documents and Settings\User\Application Data\GameHouse
2008-10-05 13:27:55 ----D---- C:\Documents and Settings\All Users\Application Data\Zylom
2008-10-04 16:02:29 ----D---- C:\Documents and Settings\All Users\Application Data\GameHouse

======List of files/folders modified in the last 1 months======

2008-10-28 18:23:00 ----SD---- C:\WINDOWS\Tasks
2008-10-28 18:21:56 ----D---- C:\WINDOWS\Temp
2008-10-28 18:21:01 ----A---- C:\hpqp.ini
2008-10-28 18:20:46 ----A---- C:\XP_TV.ini
2008-10-28 17:57:13 ----D---- C:\WINDOWS\system32
2008-10-28 17:57:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-28 17:53:22 ----D---- C:\WINDOWS
2008-10-28 17:51:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-27 17:39:24 ----D---- C:\WINDOWS\Debug
2008-10-27 17:38:01 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-27 16:50:05 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-27 16:49:45 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-27 16:48:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-27 16:48:29 ----HD---- C:\WINDOWS\inf
2008-10-27 16:48:24 ----D---- C:\WINDOWS\system32\drivers
2008-10-27 16:47:56 ----D---- C:\Program Files\Messenger
2008-10-27 16:46:08 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-27 16:29:41 ----D---- C:\WINDOWS\system32\wbem
2008-10-27 16:29:41 ----D---- C:\WINDOWS\system32\Setup
2008-10-27 16:29:41 ----D---- C:\WINDOWS\AppPatch
2008-10-27 16:29:41 ----D---- C:\Program Files\Windows Media Player
2008-10-27 16:29:40 ----RSD---- C:\WINDOWS\Fonts
2008-10-27 16:26:25 ----D---- C:\WINDOWS\security
2008-10-27 16:23:33 ----D---- C:\WINDOWS\WinSxS
2008-10-27 16:23:06 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-27 16:23:06 ----D---- C:\WINDOWS\ime
2008-10-27 16:23:06 ----D---- C:\WINDOWS\Help
2008-10-27 16:22:51 ----D---- C:\WINDOWS\system32\usmt
2008-10-27 16:22:51 ----D---- C:\WINDOWS\system32\en-US
2008-10-27 16:22:50 ----SHD---- C:\WINDOWS\Installer
2008-10-27 16:22:49 ----D---- C:\WINDOWS\PeerNet
2008-10-27 16:22:49 ----D---- C:\Program Files\Movie Maker
2008-10-27 16:18:52 ----D---- C:\WINDOWS\system32\Restore
2008-10-27 16:18:52 ----D---- C:\WINDOWS\system32\npp
2008-10-27 16:18:52 ----D---- C:\WINDOWS\mui
2008-10-27 16:18:51 ----D---- C:\WINDOWS\msagent
2008-10-27 16:18:50 ----D---- C:\WINDOWS\srchasst
2008-10-27 16:18:48 ----D---- C:\Program Files\NetMeeting
2008-10-27 16:18:47 ----D---- C:\WINDOWS\system32\Com
2008-10-27 16:18:45 ----D---- C:\Program Files\Windows NT
2008-10-27 16:18:45 ----D---- C:\Program Files\Outlook Express
2008-10-27 16:18:43 ----D---- C:\Program Files\Common Files\System
2008-10-27 16:18:30 ----D---- C:\WINDOWS\system32\oobe
2008-10-27 16:18:28 ----D---- C:\WINDOWS\system
2008-10-27 16:16:19 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-27 16:13:50 ----D---- C:\WINDOWS\ehome
2008-10-27 15:23:10 ----A---- C:\WINDOWS\system32\WgaTray.exe
2008-10-27 15:23:10 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2008-10-27 15:22:26 ----A---- C:\WINDOWS\system32\LegitCheckControl.DLL
2008-10-26 23:14:39 ----RD---- C:\Program Files
2008-10-26 07:33:15 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-26 00:10:28 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-26 00:07:21 ----D---- C:\Documents and Settings\All Users\Application Data\Avg7
2008-10-25 21:02:35 ----D---- C:\Documents and Settings
2008-10-25 11:37:00 ----D---- C:\Program Files\Mozilla Firefox
2008-10-24 21:21:11 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-24 11:46:21 ----D---- C:\Program Files\DivX
2008-10-24 07:26:43 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-23 15:10:13 ----D---- C:\Documents and Settings\User\Application Data\MindMapper 2008
2008-10-20 13:06:45 ----D---- C:\My Games
2008-10-18 14:30:31 ----D---- C:\My Download Files
2008-10-16 03:07:46 ----D---- C:\Program Files\Internet Explorer
2008-10-16 03:01:24 ----D---- C:\WINDOWS\ie7updates
2008-10-16 00:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-14 22:44:39 ----D---- C:\Program Files\GamesBar
2008-10-08 03:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-05 13:34:44 ----D---- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-10-05 13:33:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-05 00:07:50 ----D---- C:\Documents and Settings\User\Application Data\PlayFirst
2008-10-05 00:06:11 ----D---- C:\Program Files\Real
2008-10-04 01:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2006-06-29 8192]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-06 12544]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-02-01 109319]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-13 1342602]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-29 9472]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-08-25 594432]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-11-09 997376]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-11-09 202240]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-17 5760096]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-04-30 2206976]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-17 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-23 51840]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-02 308992]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-11-09 723712]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-06-09 262912]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-11-02 604928]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-13 401664]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-13 30363]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-13 148168]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-13 57320]
S3 Flash1;Flash1; \??\C:\Program Files\SP36869\winphlash\Flash1.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-08 101120]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-13 258103]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-03 135168]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-03-05 654848]
S2 hpdj;hpdj; C:\DOCUME~1\User\LOCALS~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 5100 series -product= []
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-27 126976]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-27 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

#10 kahdah

  • Security Colleague

Posted 28 October 2008 - 05:34 AM

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#11 sheegirl

  • Topic Starter

Posted 28 October 2008 - 05:45 AM

Before I proceed further, I would just like to know: is it possible that my D drive has been infected? I mean, somehow I spotted 3 hidden files in my D drive and one of them is autorun.inf, but now they are gone.

#12 kahdah

  • Security Colleague

Posted 28 October 2008 - 11:11 AM

Yes, you will need to keep all removable drives\flash drives plugged in during the scan to make sure that, if there are any threats, they will be scanned.

#13 sheegirl

  • Topic Starter

Posted 28 October 2008 - 11:32 AM

I have run the ATF-Cleaner and below is the report:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, October 29, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, October 28, 2008 00:19:04
Records in database: 1353106
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\

Scan statistics:
Files scanned: 104755
Threat name: 1
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 01:04:03


File name / Threat name / Threats count
C:\Documents and Settings\User\Local Settings\Temp\Pdg.vbe Infected: Worm.VBS.Autorun.be 1
C:\Mc~.vbe Infected: Worm.VBS.Autorun.be 1
C:\WINDOWS\system32\prnjobt.vbe Infected: Worm.VBS.Autorun.be 1
D:\Mc~.vbe Infected: Worm.VBS.Autorun.be 1

The selected area was scanned.
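
The MountPoints2 entries in the RSIT registry dump and the detections in the Kaspersky report above can be cross-checked mechanically. The following is an added example, not part of any post in this thread or of the tools' own code: it parses both logs and flags AutoRun handlers that launch a script host, point into RECYCLER, or name a file the scanner detected. The function names and the three heuristics are assumptions; the sample lines are copied from the logs posted above.

```python
import re
from ntpath import basename  # applies Windows path rules on any OS

# Lines copied from the RSIT registry dump posted in this thread.
RSIT_EXCERPT = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mc~.vbe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mc~.vbe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cf2246b-09ef-11dd-aed5-0013e8eb6399}]
shell\Auto\command - MicrosoftPowerPoint.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b21d4eb5-01c2-11dd-aecd-0013e8eb6399}]
shell\AutoRun\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ipse32.exe
shell\open\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ipse32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{daddcccc-09f2-11dd-aed6-0013e8eb6399}]
shell\AutoRun\command - E:\AutoRun.exe
"""

# Lines copied from the Kaspersky Online Scanner report posted in this thread.
KASPERSKY_EXCERPT = r"""
C:\Documents and Settings\User\Local Settings\Temp\Pdg.vbe Infected: Worm.VBS.Autorun.be 1
C:\Mc~.vbe Infected: Worm.VBS.Autorun.be 1
C:\WINDOWS\system32\prnjobt.vbe Infected: Worm.VBS.Autorun.be 1
D:\Mc~.vbe Infected: Worm.VBS.Autorun.be 1
"""

MOUNT_KEY = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<mount>[^\]]+)\]$", re.I)
VERB_LINE = re.compile(r"^shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.I)
KAV_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) \d+$")
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}


def parse_mountpoints2(log_text):
    """Return one dict per shell\\<verb>\\command line under a MountPoints2 key."""
    entries, mount = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = MOUNT_KEY.match(line)
        if key:
            mount = key.group("mount")
        elif line.startswith("["):
            mount = None  # some other registry key begins here
        else:
            verb = VERB_LINE.match(line)
            if verb and mount:
                entries.append({"mount": mount,
                                "verb": verb.group("verb"),
                                "command": verb.group("cmd")})
    return entries


def parse_kaspersky(report_text):
    """Map each infected file path in the report to its threat name."""
    detections = {}
    for raw in report_text.splitlines():
        hit = KAV_LINE.match(raw.strip())
        if hit:
            detections[hit.group("path")] = hit.group("threat")
    return detections


def review(entries, detections):
    """Return (mount, verb, reasons) for every entry matching a heuristic."""
    flagged = {basename(path).lower() for path in detections}
    findings = []
    for entry in entries:
        names = {basename(tok).lower() for tok in entry["command"].split()}
        reasons = []
        if names & SCRIPT_HOSTS:
            reasons.append("script host launched from AutoRun")
        if "\\recycler\\" in "\\" + entry["command"].lower():
            reasons.append("target inside RECYCLER")
        matched = names & flagged
        if matched:
            reasons.append("references scanner-detected file: "
                           + ", ".join(sorted(matched)))
        if reasons:
            findings.append((entry["mount"], entry["verb"], reasons))
    return findings


if __name__ == "__main__":
    found = review(parse_mountpoints2(RSIT_EXCERPT),
                   parse_kaspersky(KASPERSKY_EXCERPT))
    for mount, verb, reasons in found:
        print(f"{mount} [{verb}]: {'; '.join(reasons)}")
```

Entries that match none of the heuristics, such as the `MicrosoftPowerPoint.exe` and `E:\AutoRun.exe` handlers, are not reported by this sketch and still need a manual look.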

#14 kahdah

  • Security Colleague

Posted 28 October 2008 - 11:36 AM

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\Documents and Settings\User\Local Settings\Temp\Pdg.vbe 
    C:\Mc~.vbe 
    C:\WINDOWS\system32\prnjobt.vbe 
    D:\Mc~.vbe
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
===================================
Post that log and a new RSIT log, then let me know how things are running.

#15 sheegirl

  • Topic Starter

Posted 28 October 2008 - 11:52 AM

OTMoveIt3 log:

========== FILES ==========
C:\Documents and Settings\User\Local Settings\Temp\Pdg.vbe moved successfully.
C:\Mc~.vbe moved successfully.
C:\WINDOWS\system32\prnjobt.vbe moved successfully.
File move failed. D:\Mc~.vbe scheduled to be moved on reboot.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10292008_004542

Files moved on Reboot...
D:\Mc~.vbe moved successfully.



