Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.TDSServ


  • This topic is locked This topic is locked
16 replies to this topic

#1 smackie

smackie

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:59 PM

Posted 02 November 2008 - 01:22 PM

Hi, 1st post in this forum so here goes. I have a Sony laptop with a particularly difficult to shift Trojan.
Had a pop up saying my machine was infected with spyware, obviously didn't click on the alert as I was sure it was fake. Have installed Spyware Doctor which identifies that the Trojan.TDSServ is found, but will not delete fully. Contacted Spyware who told me to do smart update which I duly did to version 6. Did a full scan which found numerous infected files, deleted these but the machine will now only boot into safe mode. The machine starts to boot, the screen goes blue but I don't have time to review the error as the machine goes back into the boot cycle and starts in safe mode. Have run spy bot, Malwarebytes anti-malware but neither can shift the trojan. Have run hijack this and attached the log below. Not sure what to do next, can anyone help?

I'm running Windows XP SP3.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:33, on 02/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vcl.vaio.sony.co.jp/eu/PforVAIO.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pctools.com/uk/mrc/infections/id/Trojan.TDSServ
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC315NC Webcam
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [hwnwnkfu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hwnwnkfu.dll"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: TrayMin315.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 13408 bytes

BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:59 PM

Posted 02 November 2008 - 01:41 PM

Hello smackie

Welcome to BleepingComputer :thumbsup:
========================
Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
===========================================
Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
      FIle - Lop check
      File - Purity Scan
      Under Basic scans:
      Rootkit Search -Yes
      Drivers -Non Microsoft
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Attach the information back here. I will review it when it comes in.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 smackie

smackie
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:59 PM

Posted 02 November 2008 - 04:45 PM

Thanks for the response kahdah,

Here is the .txt from OTScanIt :-

OTScanIt logfile created on: 02/11/2008 21:38:20
OTScanIt by OldTimer - Version 1.0.19.0	 Folder = C:\Documents and Settings\Administrator\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.50 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 82.08% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 3000 5000;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.60 Gb Total Space | 6.38 Gb Free Space | 19.57% Space Free | Partition Type: NTFS
Drive D: | 34.94 Gb Total Space | 16.00 Gb Free Space | 45.79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 247.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-01352A0C79
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.65.010 | Size = 69632 bytes | Modified Date = 14/05/2007 20:53:41 | Attr =	]
(AdobeActiveFileMonitor) Adobe Active File Monitor [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe ->  [Ver =  | Size = 98304 bytes | Modified Date = 04/10/2004 03:47:04 | Attr =	]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 19/07/2008 15:25:06 | Attr =	]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 19/07/2008 15:38:28 | Attr =	]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 19/07/2008 15:38:04 | Attr =	]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 23/07/2008 15:25:45 | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 11/01/2008 21:15:01 | Attr =	]
(KService) KService [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Kontiki\KService.exe -> Kontiki Inc. [Ver = 5.12.707.160 | Size = 3072184 bytes | Modified Date = 27/02/2008 16:56:54 | Attr =	]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 6, 0, 0, 3 | Size = 356920 bytes | Modified Date = 13/06/2008 16:29:14 | Attr =	]
(sdCoreService) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 6.0.0.22 | Size = 1079176 bytes | Modified Date = 09/10/2008 13:47:42 | Attr =	]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 75304 bytes | Modified Date = 09/07/2008 09:05:18 | Attr =	]

[Driver Services - Non-Microsoft Only]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 26944 bytes | Modified Date = 19/07/2008 15:32:15 | Attr =	]
(ADILOADER) General Purpose USB Driver (adildr.sys) [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\adildr.sys -> Analog Deivces [Ver = 1.8 | Size = 50007 bytes | Modified Date = 02/03/2004 08:26:58 | Attr =	]
(adiusbaw) USB ADSL WAN Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\adiusbaw.sys -> Analog Devices Inc. [Ver = 2.2.10.x | Size = 127065 bytes | Modified Date = 02/03/2004 08:24:16 | Attr =	]
(Aspi32) Aspi32 [Kernel | Auto | Stopped] -> %SystemRoot%\System32\drivers\ASPI32.sys -> Adaptec [Ver = 4.60 (1021) | Size = 25244 bytes | Modified Date = 10/09/1999 11:06:00 | Attr = R  ]
(aswFsBlk) aswFsBlk [File_System | Auto | Stopped] -> %SystemRoot%\system32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 20560 bytes | Modified Date = 19/07/2008 15:37:42 | Attr =	]
(aswMon2) avast! Standard Shield Support [File_System | Auto | Stopped] -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 94416 bytes | Modified Date = 19/07/2008 15:37:21 | Attr =	]
(aswRdr) aswRdr [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 23152 bytes | Modified Date = 19/07/2008 15:33:42 | Attr =	]
(aswSP) avast! Self Protection [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 78416 bytes | Modified Date = 19/07/2008 15:35:18 | Attr =	]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 42912 bytes | Modified Date = 19/07/2008 15:32:36 | Attr =	]
(grmnusb) grmnusb [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\grmnusb.sys -> GARMIN Corp. [Ver = 2.1 | Size = 7296 bytes | Modified Date = 23/09/2003 09:42:34 | Attr =	]
(IKFileSec) File Security Driver [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1045 built by: WinDDK | Size = 40840 bytes | Modified Date = 25/08/2008 12:36:28 | Attr =	]
(IkSysFlt) System Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1030 | Size = 66952 bytes | Modified Date = 25/08/2008 12:36:28 | Attr =	]
(IKSysSec) System Security Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1034 | Size = 81288 bytes | Modified Date = 25/08/2008 12:36:30 | Attr =	]
(KLIF) KLIF [File_System | System | Stopped] -> %SystemRoot%\system32\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Modified Date = 19/07/2007 15:10:28 | Attr =	]
(LEX_AS_NIC_SERVICE_YNOS) LAN-Express AS IEEE 802.11g Wireless Network Adapter Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ExpasAG.sys -> Atheros Communications, Inc. [Ver = 4.0.0.167 | Size = 456448 bytes | Modified Date = 10/02/2005 22:07:50 | Attr =	]
(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 19/09/2007 19:59:29 | Attr =	]
(PrivateDisk) PrivateDisk [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\privatediskm.sys -> Utimaco Safeware AG [Ver = 1.00.6.7 | Size = 45627 bytes | Modified Date = 06/07/2004 13:07:06 | Attr = R  ]
(srescan) srescan [Kernel | Boot | Stopped] -> %SystemRoot%\system32\ZoneLabs\srescan.sys -> Zone Labs, LLC [Ver = 5, 0, 189, 0 | Size = 51176 bytes | Modified Date = 27/02/2008 03:10:44 | Attr =	]
(STEC3) STEC3 [Kernel | Auto | Stopped] -> %SystemRoot%\system32\STEC3.sys -> AntiCracking [Ver = 4.00 | Size = 2368 bytes | Modified Date = 22/10/2006 20:53:58 | Attr =	]
(SymIM) Symantec Network Security Intermediate Filter Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\SymIM.sys -> File not found
(SymIMMP) SymIMMP [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\SymIM.sys -> File not found
(tifmsony) tifmsony [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tifmsony.sys -> Texas Instruments [Ver = 2.0.3.9 | Size = 76800 bytes | Modified Date = 10/06/2005 01:31:28 | Attr =	]
(vsdatant) vsdatant [Kernel | System | Running] -> %SystemRoot%\system32\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 394952 bytes | Modified Date = 09/07/2008 09:05:22 | Attr =	]
(ZSMC301b) Philips SPC315NC Webcam [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbVM31b.sys -> VM [Ver = 4.2.1010.41 | Size = 91527 bytes | Modified Date = 26/02/2005 15:25:52 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"] -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 09/03/2007 10:09:58 | Attr =	]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_SL.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 19:51:55 | Attr =	]
Alcmtr -> %SystemRoot%\ALCMTR.EXE [ALCMTR.EXE] -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 03/05/2005 09:43:28 | Attr =	]
Apoint -> %ProgramFiles%\Apoint\Apoint.exe [C:\Program Files\Apoint\Apoint.exe] -> Alps Electric Co., Ltd. [Ver = 5.5.7.136 | Size = 114688 bytes | Modified Date = 07/11/2003 08:21:28 | Attr =	]
AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 0, 0, 9 | Size = 116040 bytes | Modified Date = 22/07/2008 19:42:24 | Attr =	]
a-squared -> %ProgramFiles%\a-squared Anti-Malware\a2guard.exe ["C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60] -> File not found
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 19/07/2008 15:38:34 | Attr =	]
AzMixerSel -> %ProgramFiles%\Realtek\InstallShield\AzMixerSel.exe [C:\Program Files\Realtek\InstallShield\AzMixerSel.exe] -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 5 | Size = 45056 bytes | Modified Date = 29/04/2005 05:56:44 | Attr =	]
BigDogPath -> %SystemRoot%\VM_STI.EXE [C:\WINDOWS\VM_STI.EXE Philips SPC315NC Webcam] -> BIGDOG [Ver = 4, 2, 610, 4 | Size = 40960 bytes | Modified Date = 09/06/2004 14:37:02 | Attr =	]
CanonMyPrinter -> %ProgramFiles%\Canon\MyPrinter\BJMYPRT.EXE [C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon] -> CANON INC. [Ver = 1, 5, 0, 0 | Size = 1603152 bytes | Modified Date = 03/04/2007 16:50:00 | Attr =	]
CanonSolutionMenu -> %ProgramFiles%\Canon\SolutionMenu\CNSLMAIN.EXE [C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon] -> CANON INC. [Ver = 1, 0, 1, 0 | Size = 644696 bytes | Modified Date = 14/05/2007 16:01:00 | Attr =	]
HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4333 | Size = 77824 bytes | Modified Date = 29/06/2005 05:33:40 | Attr =	]
hwnwnkfu -> %AllUsersProfile%\Application Data\hwnwnkfu.dll [regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hwnwnkfu.dll"] -> File not found
IgfxTray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.4333 | Size = 94208 bytes | Modified Date = 29/06/2005 05:33:46 | Attr =	]
ISBMgr.exe -> %ProgramFiles%\Sony\ISB Utility\ISBMgr.exe [C:\Program Files\Sony\ISB Utility\ISBMgr.exe] -> Sony Corporation [Ver = 1, 0, 0, 2180 | Size = 32768 bytes | Modified Date = 20/02/2004 13:12:34 | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.7.1.11 | Size = 289064 bytes | Modified Date = 30/07/2008 09:47:56 | Attr =	]
Mouse Suite 98 Daemon -> %SystemRoot%\system32\ico.exe [ICO.EXE] -> Primax Electronics Ltd. [Ver = 1, 0, 0, 8 | Size = 45056 bytes | Modified Date = 14/03/2002 15:46:58 | Attr =	]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.7743 | Size = 6746112 bytes | Modified Date = 09/06/2005 07:56:00 | Attr =	]
OpwareSE4 -> %ProgramFiles%\ScanSoft\OmniPageSE4\OpWareSE4.exe ["C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"] -> Nuance Communications, Inc. [Ver = 15.2.6606.1 | Size = 79400 bytes | Modified Date = 04/02/2007 12:02:14 | Attr =	]
PDService.exe -> %ProgramFiles%\Utimaco\SafeGuard PrivateDisk\pdservice.exe [C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe] -> Utimaco Safeware AG [Ver = 1.00.6.7 | Size = 40960 bytes | Modified Date = 06/07/2004 13:15:38 | Attr = R  ]
Persistence -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 3.0.0.4333 | Size = 114688 bytes | Modified Date = 29/06/2005 05:33:42 | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 27/05/2008 09:50:30 | Attr =	]
RTHDCPL -> %SystemRoot%\RTHDCPL.EXE [RTHDCPL.EXE] -> Realtek Semiconductor Corp. [Ver = 1.1.2.1 | Size = 14720000 bytes | Modified Date = 29/06/2005 04:25:30 | Attr =	]
SonyPowerCfg -> %ProgramFiles%\Sony\VAIO Power Management\SPMgr.exe [C:\Program Files\Sony\VAIO Power Management\SPMgr.exe] -> Sony Corporation [Ver = 1.7.00.05130 | Size = 184320 bytes | Modified Date = 15/05/2005 04:51:24 | Attr =	]
SsAAD.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe [C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe] ->  [Ver = 3.4.01.13062 | Size = 81920 bytes | Modified Date = 07/01/2006 02:36:10 | Attr =	]
SSBkgdUpdate -> %CommonProgramFiles%\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe ["C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot] -> Nuance Communications, Inc. [Ver = 5,2,0,0 | Size = 210472 bytes | Modified Date = 25/10/2006 09:03:38 | Attr =	]
VAIO Update 2 -> %ProgramFiles%\Sony\VAIO Update 2\VAIOUpdt.exe ["C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary] -> Sony Corporation [Ver = 2, 1, 2, 1140 | Size = 151552 bytes | Modified Date = 14/01/2005 12:43:28 | Attr =	]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 919016 bytes | Modified Date = 09/07/2008 09:05:20 | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
RegistryMechanic -> %ProgramFiles%\Registry Mechanic\RegMech.exe [C:\Program Files\Registry Mechanic\RegMech.exe /H] -> PC Tools [Ver = 8.00.0900 | Size = 2828184 bytes | Modified Date = 08/07/2008 16:41:02 | Attr =	]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 3, 25 | Size = 1833296 bytes | Modified Date = 16/09/2008 12:16:08 | Attr = RHS]
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\VAIO Launcher.lnk -> %ProgramFiles%\Sony\VAIO Launcher\Launcher.exe -> Sony Corporation [Ver = 1.4.10.06170 | Size = 778240 bytes | Modified Date = 17/06/2005 18:33:16 | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\DSLMON.lnk -> %ProgramFiles%\SAGEM\SAGEM F@st 800-840\dslmon.exe ->  [Ver = 1, 0, 0, 1 | Size = 962660 bytes | Modified Date = 03/02/2005 10:03:52 | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\TrayMin315.exe.lnk -> %ProgramFiles%\Philips\Philips SPC315NC Webcam\TrayMin315.exe ->  [Ver = 1, 0, 0, 4 | Size = 278528 bytes | Modified Date = 10/05/2006 12:26:42 | Attr =	]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
karna.dat5.exe.lnk ->  -> File not found
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 14/04/2008 00:12:19 | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 14/04/2008 00:12:38 | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 14/04/2008 00:12:24 | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 14/04/2008 00:12:05 | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 14/04/2008 00:12:41 | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4333 | Size = 131072 bytes | Modified Date = 29/06/2005 05:33:42 | Attr =	]
VESWinlogon -> %SystemRoot%\system32\VESWinlogon.dll -> Sony Corporation [Ver = 2.1.00.13200 | Size = 73728 bytes | Modified Date = 20/05/2005 16:42:02 | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 13/04/2008 18:40:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< Drives with AutoRun files > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 11/07/2005 13:04:15 | Attr =	]
AUTORUN.INF [[autorun] | label=Sky Broadband | open=setup.exe | icon=Applications\Sky\Icons\cd.ico | ] -> F:\AUTORUN.INF [ CDFS ] ->  [Ver =  | Size = 82 bytes | Modified Date = 31/10/2006 11:05:30 | Attr = RH ]
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
127.0.0.1	   localhost
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.google.com -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://vcl.vaio.sony.co.jp/eu/PforVAIO.htm -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/keyword/%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3 domain(s) found. -> 
sony-europe.com .[*] -> Trusted sites -> 
sonystyle-europe.com .[*] -> Trusted sites -> 
vaio-link.com .[*] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 2, 14 | Size = 1562960 bytes | Modified Date = 15/09/2008 14:25:44 | Attr = RHS]
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker BHO] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 02/11/2008 16:08:09 | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R  ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 07/06/2006 10:09:22 | Attr =	]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 02/11/2008 16:08:09 | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R  ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_03\bin\NPJPI150_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 69746 bytes | Modified Date = 13/04/2005 03:06:32 | Attr =	]
{08E730A4-FB02-45BD-A900-01E4AD8016F6}:Exec ->  [Sky] -> File not found
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype] -> Skype Technologies S.A. [Ver = 2, 2, 0, 117 | Size = 1312040 bytes | Modified Date = 31/08/2007 16:40:04 | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 2, 14 | Size = 1562960 bytes | Modified Date = 15/09/2008 14:25:44 | Attr = RHS]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec -> %ProgramFiles%\Yahoo!\Messenger\YPager.exe [Yahoo! Messenger] ->  [Ver =  | Size = 2498560 bytes | Modified Date = 07/06/2004 13:44:00 | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Google Search -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found
Backward Links -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found
Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found
E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE -> File not found
Similar Pages -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found
Translate into English -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
Sky Broadband -> yes -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{2BB0FBAA-0D94-4252-B7E2-83808916F695} ->	() -> 
{5C2FDD9C-C182-43FE-BA62-76BE5822D03C} ->	(1394 Net Adapter) -> 
{66F64E47-65DD-44DA-A84F-7AED729F6ED5} ->	(Intel(R) PRO/Wireless 2200BG Network Connection) -> 
{92A2492F-3396-46D4-B6C1-9A5DD4F17267} ->	(Intel(R) PRO/100 VE Network Connection) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 24/07/2007 14:17:08 | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 31/08/2007 16:40:02 | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab[Office Genuine Advantage Validation Tool] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab[Java Plug-in 1.5.0_03] -> 
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab[Java Plug-in 1.5.0_03] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 14/04/2008 00:12:00 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 14/04/2008 00:11:56 | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 14/04/2008 00:12:00 | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 14/04/2008 00:12:05 | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 14/04/2008 00:12:08 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 832 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 14/04/2008 00:12:05 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 14/04/2008 00:12:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 6F BB A5 38 FC 0E 59 74 CD C8 5B 87 41 7C 64 69 37 33 39 66 61 31 30 65 00 00 00 00 C1 2C 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 4C 06 83 78 B7 08 9F 54 42 A6 E4 73  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 12 BF 2E 29 38 5D BB 88 28  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> B9 44 35 F3 53 A0  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> DE DB 49 CB 42 7B A5 F7 F8 A8 D8 33 1D F1 4F 0E  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> E6 62 F9 4F 30 36 C9 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 00:12:36 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 14532 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 14/04/2008 00:11:55 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 14/04/2008 00:12:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 13/04/2008 18:53:32 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18/10/2007 10:34:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 02/10/2007 16:18:24 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 14/04/2008 00:12:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 13/04/2008 18:53:32 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1695232 bytes | Modified Date = 14/04/2008 00:12:28 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> %ProgramFiles%\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.6316.5000 | Size = 1022496 bytes | Modified Date = 21/05/2008 04:54:40 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kontiki\KService.exe -> %ProgramFiles%\Kontiki\KService.exe [C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service] -> Kontiki Inc. [Ver = 5.12.707.160 | Size = 3072184 bytes | Modified Date = 27/02/2008 16:56:54 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24/07/2007 14:17:08 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.7.1.11 | Size = 20252968 bytes | Modified Date = 30/07/2008 09:47:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.5.0.234 | Size = 22879528 bytes | Modified Date = 31/08/2007 16:40:02 | Attr = R  ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE -> %ProgramFiles%\Microsoft ActiveSync\WCESCOMM.EXE [C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager] -> Microsoft Corporation [Ver = 3.7.1.4034 | Size = 401491 bytes | Modified Date = 03/02/2004 05:42:54 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18/10/2007 10:34:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 02/10/2007 16:18:24 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1700:TCP -> 1700:TCP:*:Enabled:MioNet Remote Drive Access -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1641:TCP -> 1641:TCP:*:Enabled:MioNet Remote Drive Verification -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{BACD6F63-8CDD-4A21-90DD-47FA056EFE82} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{1D88977F-6B6A-4D27-8B23-83096BBA6993} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{A404B9D1-D1B6-4DCD-BCB8-7A6822B82F43} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{03F134FC-C812-486C-A215-4AF71D4FDA1A} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{64DB83E6-F024-4187-B0B3-515F50F5F046} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{52F94112-3390-41BC-846B-912D20F84775} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{9AD73789-7FF8-4A3A-AD05-D824E510E515} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{69944444-562E-4908-B676-6F376A2C95D9} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{67302611-C6E7-4F55-978D-DB10B6F9A776} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{833AD49E-480E-4611-955F-9A0DE0E3B5D3} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{F8D83FA6-CCFF-4CD4-BCFF-2E1188EA3180} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{A187B96A-6945-4EA2-8D58-4B4458DDF52F} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{F42F71C0-57C7-4B83-8B1C-BB9B08B44C5A} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{5C2FDD9C-C182-43FE-BA62-76BE5822D03C} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{2BB0FBAA-0D94-4252-B7E2-83808916F695} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{21BB7650-65B6-4CA7-BDA5-8AD3D8C8E5CC} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{1FB81AF4-859E-4904-A70D-FB5CF461E6B3} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{5608CCA7-F4EB-44B5-807D-74BD0895DA87} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{B702F5A0-E12C-4A89-AC42-7E94FE2CF831} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{92A2492F-3396-46D4-B6C1-9A5DD4F17267} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{D5451B1F-3BFB-4A43-B22E-49BA042FE67D} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{5144EE4B-C6D2-4B5F-9047-156C1A9D4435} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{3598A85F-FB74-48AB-A4D2-C65F394E5345} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 00:12:36 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 14/04/2008 00:12:11 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 26944 bytes | Created Date = 01/11/2008 11:01:56 | Attr =	]
aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 20560 bytes | Created Date = 01/11/2008 11:01:53 | Attr =	]
aswmon.sys -> %SystemRoot%\System32\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 93264 bytes | Created Date = 01/11/2008 11:01:53 | Attr =	]
aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 94416 bytes | Created Date = 01/11/2008 11:01:53 | Attr =	]
aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 23152 bytes | Created Date = 01/11/2008 11:01:58 | Attr =	]
aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 78416 bytes | Created Date = 01/11/2008 11:01:53 | Attr =	]
aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 42912 bytes | Created Date = 01/11/2008 11:01:57 | Attr =	]
ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1045 built by: WinDDK | Size = 40840 bytes | Created Date = 24/10/2008 12:06:42 | Attr =	]
iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1030 | Size = 66952 bytes | Created Date = 24/10/2008 12:06:42 | Attr =	]
iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1034 | Size = 81288 bytes | Created Date = 24/10/2008 12:06:42 | Attr =	]
kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 24/10/2008 12:06:42 | Attr =	]
klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Created Date = 02/11/2008 15:47:16 | Attr =	]
actskin4.ocx -> %SystemRoot%\System32\actskin4.ocx ->  [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 01/11/2008 11:01:37 | Attr =	]
aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 1163960 bytes | Created Date = 01/11/2008 11:01:37 | Attr =	]
AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 94392 bytes | Created Date = 01/11/2008 11:01:54 | Attr =	]
bits -> %SystemRoot%\System32\bits ->  [Folder | Created Date = 24/10/2008 23:21:32 | Attr =	]
244 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
dunzip32.dll -> %SystemRoot%\System32\dunzip32.dll -> Inner Media, Inc. [Ver = 5.00.06 | Size = 143360 bytes | Created Date = 21/10/2008 19:51:04 | Attr =	]
en -> %SystemRoot%\System32\en ->  [Folder | Created Date = 24/10/2008 23:21:32 | Attr =	]
libeay32_0.9.6l.dll -> %SystemRoot%\System32\libeay32_0.9.6l.dll ->  [Ver =  | Size = 796048 bytes | Created Date = 02/11/2008 15:47:05 | Attr =	]
scripting -> %SystemRoot%\System32\scripting ->  [Folder | Created Date = 24/10/2008 23:21:32 | Attr =	]
vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml ->  [Ver =  | Size = 352918 bytes | Created Date = 02/11/2008 15:46:49 | Attr =	]
vsdata.dll -> %SystemRoot%\System32\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 83432 bytes | Created Date = 02/11/2008 15:01:02 | Attr =	]
vsdatant.sys -> %SystemRoot%\System32\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 394952 bytes | Created Date = 02/11/2008 15:46:49 | Attr =	]
vsinit.dll -> %SystemRoot%\System32\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 157160 bytes | Created Date = 02/11/2008 15:01:02 | Attr =	]
vsmonapi.dll -> %SystemRoot%\System32\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 103912 bytes | Created Date = 02/11/2008 15:46:50 | Attr =	]
vspubapi.dll -> %SystemRoot%\System32\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 275944 bytes | Created Date = 02/11/2008 15:46:50 | Attr =	]
vsregexp.dll -> %SystemRoot%\System32\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 71144 bytes | Created Date = 02/11/2008 15:47:05 | Attr =	]
vsutil.dll -> %SystemRoot%\System32\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 472552 bytes | Created Date = 02/11/2008 15:01:02 | Attr =	]
vswmi.dll -> %SystemRoot%\System32\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 46568 bytes | Created Date = 02/11/2008 15:46:53 | Attr =	]
vsxml.dll -> %SystemRoot%\System32\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 99816 bytes | Created Date = 02/11/2008 15:46:52 | Attr =	]
zlcomm.dll -> %SystemRoot%\System32\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 83432 bytes | Created Date = 02/11/2008 15:47:04 | Attr =	]
zlcommdb.dll -> %SystemRoot%\System32\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 71144 bytes | Created Date = 02/11/2008 15:47:04 | Attr =	]
zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat ->  [Ver =  | Size = 4212 bytes | Created Date = 02/11/2008 15:47:49 | Attr =  H ]
ZoneLabs -> %SystemRoot%\System32\ZoneLabs ->  [Folder | Created Date = 02/11/2008 15:46:51 | Attr =	]
zpeng24.dll -> %SystemRoot%\System32\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1086952 bytes | Created Date = 02/11/2008 15:46:52 | Attr =	]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ ->  [Folder | Created Date = 24/10/2008 21:35:40 | Attr =  H ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
EHome -> %SystemRoot%\EHome ->  [Folder | Created Date = 24/10/2008 21:35:21 | Attr =	]
Internet Logs -> %SystemRoot%\Internet Logs ->  [Folder | Created Date = 02/11/2008 15:01:02 | Attr =	]
l2schemas -> %SystemRoot%\l2schemas ->  [Folder | Created Date = 24/10/2008 23:21:32 | Attr =	]
LastGood.Tmp -> %SystemRoot%\LastGood.Tmp ->  [Folder | Created Date = 02/11/2008 15:47:20 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 24/10/2008 23:29:26 | Attr =	]
ServicePackFiles -> %SystemRoot%\ServicePackFiles ->  [Folder | Created Date = 24/10/2008 23:19:14 | Attr =	]
zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.483.000 | Size = 75248 bytes | Created Date = 02/11/2008 15:47:28 | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
MailFrontier -> %AllUsersProfile%\Application Data\MailFrontier ->  [Folder | Created Date = 02/11/2008 15:47:53 | Attr =	]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Created Date = 01/11/2008 18:01:11 | Attr =	]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Created Date = 25/10/2008 08:26:23 | Attr =	]
@Alternate Data Stream - 116 bytes -> %AllUsersProfile%\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 140 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
Adobe -> %AppData%\Adobe ->  [Folder | Created Date = 24/10/2008 20:53:58 | Attr =	]
desktop.ini -> %AppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 24/10/2008 20:54:15 | Attr =  HS]
Identities -> %AppData%\Identities ->  [Folder | Created Date = 24/10/2008 20:53:58 | Attr =	]
Macromedia -> %AppData%\Macromedia ->  [Folder | Created Date = 30/10/2008 20:23:15 | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Created Date = 01/11/2008 18:01:16 | Attr =	]
Microsoft -> %AppData%\Microsoft ->  [Folder | Created Date = 24/10/2008 20:53:58 | Attr =   S]
Sun -> %AppData%\Sun ->  [Folder | Created Date = 01/11/2008 12:15:00 | Attr =	]
Symantec -> %AppData%\Symantec ->  [Folder | Created Date = 24/10/2008 20:53:58 | Attr =	]
Adobe -> %UserProfile%\Local Settings\Application Data\Adobe ->  [Folder | Created Date = 24/10/2008 20:53:58 | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 4608 bytes | Created Date = 01/11/2008 13:18:09 | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 78360 bytes | Created Date = 24/10/2008 20:54:04 | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 832656 bytes | Created Date = 24/10/2008 20:54:03 | Attr =  H ]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Created Date = 24/10/2008 20:53:58 | Attr =	]
Microsoft Help -> %UserProfile%\Local Settings\Application Data\Microsoft Help ->  [Folder | Created Date = 24/10/2008 20:53:58 | Attr =	]
{3248F0A6-6813-11D6-A77B-00B0D0150030} -> %UserProfile%\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150030} ->  [Folder | Created Date = 24/10/2008 20:53:58 | Attr =	]
desktop.ini -> %UserProfile%\My Documents\desktop.ini ->  [Ver =  | Size = 76 bytes | Created Date = 24/10/2008 20:54:01 | Attr =  HS]
history.html -> %UserProfile%\My Documents\history.html ->  [Ver =  | Size = 580881 bytes | Created Date = 31/10/2008 05:51:31 | Attr =	]
My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Created Date = 24/10/2008 20:53:57 | Attr = R  ]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Created Date = 24/10/2008 20:53:57 | Attr = R  ]
My Skype Pictures -> %UserProfile%\My Documents\My Skype Pictures ->  [Folder | Created Date = 24/10/2008 20:53:57 | Attr =	]
avast! Antivirus.lnk -> %AllUsersProfile%\Desktop\avast! Antivirus.lnk ->  [Ver =  | Size = 1713 bytes | Created Date = 01/11/2008 11:01:58 | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 700 bytes | Created Date = 01/11/2008 18:55:27 | Attr =	]
Registry Mechanic.lnk -> %AllUsersProfile%\Desktop\Registry Mechanic.lnk ->  [Ver =  | Size = 742 bytes | Created Date = 02/11/2008 12:47:21 | Attr =	]
Spyware Doctor.lnk -> %AllUsersProfile%\Desktop\Spyware Doctor.lnk ->  [Ver =  | Size = 1641 bytes | Created Date = 29/10/2008 18:34:37 | Attr =	]
Windows Live Messenger .lnk -> %AllUsersProfile%\Desktop\Windows Live Messenger .lnk ->  [Ver =  | Size = 1831 bytes | Created Date = 24/10/2008 23:33:53 | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1738 bytes | Created Date = 01/11/2008 20:26:33 | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 02/11/2008 21:36:23 | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Created Date = 02/11/2008 21:27:35 | Attr =	]
setupeng.exe -> %UserProfile%\Desktop\setupeng.exe ->  [Ver = 4.8.1229.0 | Size = 27462344 bytes | Created Date = 01/11/2008 11:00:20 | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 937 bytes | Created Date = 01/11/2008 21:43:36 | Attr =	]
desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini ->  [Ver =  | Size = 84 bytes | Created Date = 24/10/2008 20:53:58 | Attr =  HS]
VAIO Launcher.lnk -> %UserProfile%\Start Menu\Programs\Startup\VAIO Launcher.lnk ->  [Ver =  | Size = 1636 bytes | Created Date = 24/10/2008 20:53:58 | Attr =	]
Alwil Software -> %ProgramFiles%\Alwil Software ->  [Folder | Created Date = 01/11/2008 11:01:36 | Attr =	]
AntiMalware Pro -> %ProgramFiles%\AntiMalware Pro ->  [Folder | Created Date = 01/11/2008 17:57:00 | Attr =	]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware ->  [Folder | Created Date = 01/11/2008 18:55:24 | Attr =	]
Registry Mechanic -> %ProgramFiles%\Registry Mechanic ->  [Folder | Created Date = 02/11/2008 12:47:18 | Attr =	]
Spyware Doctor -> %ProgramFiles%\Spyware Doctor ->  [Folder | Created Date = 24/10/2008 12:06:25 | Attr =	]
Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 01/11/2008 20:26:33 | Attr =	]
Zone Labs -> %ProgramFiles%\Zone Labs ->  [Folder | Created Date = 02/11/2008 15:46:51 | Attr =	]
ZoneAlarmSB -> %ProgramFiles%\ZoneAlarmSB ->  [Folder | Created Date = 02/11/2008 16:08:09 | Attr =	]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 02/11/2008 13:00:48 | Attr =  HS]
ntldr -> %SystemDrive%\ntldr ->  [Ver =  | Size = 250048 bytes | Modified Date = 24/10/2008 21:37:37 | Attr = RHS]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm ->  [Ver =  | Size = 172 bytes | Modified Date = 29/10/2008 05:45:23 | Attr =  H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 29/10/2008 18:41:06 | Attr =  H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 29/10/2008 18:45:26 | Attr =  H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 29/10/2008 21:52:06 | Attr =  H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 22/10/2008 20:14:49 | Attr =  H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 22/10/2008 20:40:52 | Attr =  H ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 23/10/2008 19:36:34 | Attr =  H ]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 24/10/2008 12:22:38 | Attr =  H ]
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 24/10/2008 16:14:07 | Attr =  H ]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 24/10/2008 20:44:50 | Attr =  H ]
sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 24/10/2008 20:51:30 | Attr =  H ]
sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 24/10/2008 22:34:28 | Attr =  H ]
sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 24/10/2008 23:27:39 | Attr =  H ]
sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 24/10/2008 23:37:16 | Attr =  H ]
sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 24/10/2008 23:45:26 | Attr =  H ]
sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 25/10/2008 08:44:19 | Attr =  H ]
sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 25/10/2008 11:26:45 | Attr =  H ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 25/10/2008 12:00:29 | Attr =  H ]
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 28/10/2008 20:31:08 | Attr =  H ]
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 28/10/2008 21:13:03 | Attr =  H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm ->  [Ver =  | Size = 172 bytes | Modified Date = 29/10/2008 05:45:22 | Attr =  H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 29/10/2008 18:41:06 | Attr =  H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 29/10/2008 18:45:26 | Attr =  H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 29/10/2008 21:52:06 | Attr =  H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 22/10/2008 20:14:49 | Attr =  H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 22/10/2008 20:40:52 | Attr =  H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 23/10/2008 19:36:34 | Attr =  H ]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 24/10/2008 12:22:38 | Attr =  H ]
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 24/10/2008 16:14:06 | Attr =  H ]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 24/10/2008 20:44:50 | Attr =  H ]
sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 24/10/2008 20:51:30 | Attr =  H ]
sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 24/10/2008 22:34:28 | Attr =  H ]
sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 24/10/2008 23:27:39 | Attr =  H ]
sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 24/10/2008 23:37:16 | Attr =  H ]
sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 24/10/2008 23:45:26 | Attr =  H ]
sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 25/10/2008 08:44:19 | Attr =  H ]
sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 25/10/2008 11:26:45 | Attr =  H ]
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 25/10/2008 12:00:29 | Attr =  H ]
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 28/10/2008 20:31:08 | Attr =  H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 28/10/2008 21:13:03 | Attr =  H ]
244 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT ->  [Ver =  | Size = 2626 bytes | Modified Date = 01/11/2008 11:01:56 | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 300440 bytes | Modified Date = 24/10/2008 23:28:55 | Attr =	]
nvapps.xml -> %SystemRoot%\System32\nvapps.xml ->  [Ver =  | Size = 22745 bytes | Modified Date = 29/10/2008 21:14:04 | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 68574 bytes | Modified Date = 29/10/2008 21:19:12 | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 418862 bytes | Modified Date = 29/10/2008 21:19:12 | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 494818 bytes | Modified Date = 29/10/2008 21:19:12 | Attr =	]
vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml ->  [Ver =  | Size = 352918 bytes | Modified Date = 02/11/2008 16:12:03 | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 02/11/2008 16:17:01 | Attr =	]
zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat ->  [Ver =  | Size = 4212 bytes | Modified Date = 02/11/2008 16:08:10 | Attr =  H ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 02/11/2008 16:11:09 | Attr =   S]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 02/11/2008 13:00:48 | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 490 bytes | Modified Date = 02/11/2008 13:00:48 | Attr =	]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Modified Date = 24/10/2008 23:30:28 | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 23/10/2008 17:45:02 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 29/10/2008 21:52:19 | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 25/11/2005 19:43:00 | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5977 bytes | Modified Date = 29/10/2008 21:19:16 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5563 bytes | Modified Date = 29/10/2008 21:19:16 | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 26/02/2007 16:50:32 | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11142 bytes | Modified Date = 04/09/2006 19:43:06 | Attr =	]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8682 bytes | Modified Date = 26/02/2007 16:50:32 | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works ->  [Folder | Modified Date = 09/09/2008 18:04:35 | Attr =	]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 20/01/2006 19:08:16 | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 4608 bytes | Modified Date = 01/11/2008 13:18:13 | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 78360 bytes | Modified Date = 24/10/2008 21:02:26 | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 832656 bytes | Modified Date = 30/10/2008 16:36:48 | Attr =  H ]
history.html -> %UserProfile%\My Documents\history.html ->  [Ver =  | Size = 580881 bytes | Modified Date = 31/10/2008 05:51:31 | Attr =	]
avast! Antivirus.lnk -> %AllUsersProfile%\Desktop\avast! Antivirus.lnk ->  [Ver =  | Size = 1713 bytes | Modified Date = 01/11/2008 11:01:58 | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 700 bytes | Modified Date = 01/11/2008 18:55:27 | Attr =	]
Registry Mechanic.lnk -> %AllUsersProfile%\Desktop\Registry Mechanic.lnk ->  [Ver =  | Size = 742 bytes | Modified Date = 02/11/2008 12:47:21 | Attr =	]
Skype.lnk -> %AllUsersProfile%\Desktop\Skype.lnk ->  [Ver =  | Size = 2257 bytes | Modified Date = 17/10/2008 15:45:09 | Attr =	]
Spyware Doctor.lnk -> %AllUsersProfile%\Desktop\Spyware Doctor.lnk ->  [Ver =  | Size = 1641 bytes | Modified Date = 29/10/2008 18:34:37 | Attr =	]
Windows Live Messenger .lnk -> %AllUsersProfile%\Desktop\Windows Live Messenger .lnk ->  [Ver =  | Size = 1831 bytes | Modified Date = 24/10/2008 23:33:53 | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1738 bytes | Modified Date = 01/11/2008 20:26:33 | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Modified Date = 02/11/2008 21:27:41 | Attr =	]
setupeng.exe -> %UserProfile%\Desktop\setupeng.exe ->  [Ver = 4.8.1229.0 | Size = 27462344 bytes | Modified Date = 01/11/2008 11:00:57 | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 937 bytes | Modified Date = 01/11/2008 21:43:36 | Attr =	]

[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
Application Data -> C:\Documents and Settings\Administrator\Application Data ->  [Folder | Modified Date = 01/11/2008 18:01:16 | Attr = RH ]
Adobe -> C:\Documents and Settings\Administrator\Application Data\Adobe ->  [Folder | Modified Date = 23/08/2005 23:05:10 | Attr =	]
Identities -> C:\Documents and Settings\Administrator\Application Data\Identities ->  [Folder | Modified Date = 11/07/2005 13:04:32 | Attr =	]
Macromedia -> C:\Documents and Settings\Administrator\Application Data\Macromedia ->  [Folder | Modified Date = 30/10/2008 20:23:15 | Attr =	]
Malwarebytes -> C:\Documents and Settings\Administrator\Application Data\Malwarebytes ->  [Folder | Modified Date = 01/11/2008 18:01:16 | Attr =	]
Microsoft -> C:\Documents and Settings\Administrator\Application Data\Microsoft ->  [Folder | Modified Date = 30/10/2008 20:13:39 | Attr =   S]
Sony Corporation -> C:\Documents and Settings\Administrator\Application Data\Sony Corporation ->  [Folder | Modified Date = 23/08/2005 22:56:43 | Attr =	]
Sun -> C:\Documents and Settings\Administrator\Application Data\Sun ->  [Folder | Modified Date = 01/11/2008 12:15:00 | Attr =	]
Symantec -> C:\Documents and Settings\Administrator\Application Data\Symantec ->  [Folder | Modified Date = 11/07/2005 16:38:44 | Attr =	]
Application Data -> C:\Documents and Settings\All Users\Application Data ->  [Folder | Modified Date = 01/11/2008 18:01:11 | Attr = RH ]
{2234A1D1-46E6-4623-9F97-B555CB80FF45} -> C:\Documents and Settings\All Users\Application Data\{2234A1D1-46E6-4623-9F97-B555CB80FF45} ->  [Folder | Modified Date = 17/09/2007 18:24:13 | Attr =	]
Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe ->  [Folder | Modified Date = 08/10/2007 20:12:00 | Attr =	]
Adobe Systems -> C:\Documents and Settings\All Users\Application Data\Adobe Systems ->  [Folder | Modified Date = 04/05/2007 21:29:49 | Attr =	]
Apple -> C:\Documents and Settings\All Users\Application Data\Apple ->  [Folder | Modified Date = 26/09/2007 21:28:41 | Attr =	]
Apple Computer -> C:\Documents and Settings\All Users\Application Data\Apple Computer ->  [Folder | Modified Date = 01/12/2006 20:26:05 | Attr =	]
CanonBJ -> C:\Documents and Settings\All Users\Application Data\CanonBJ ->  [Folder | Modified Date = 22/02/2008 19:36:02 | Attr =  H ]
FLEXnet -> C:\Documents and Settings\All Users\Application Data\FLEXnet ->  [Folder | Modified Date = 11/01/2008 21:33:26 | Attr =	]
Google -> C:\Documents and Settings\All Users\Application Data\Google ->  [Folder | Modified Date = 13/10/2006 19:12:52 | Attr =	]
InstallShield -> C:\Documents and Settings\All Users\Application Data\InstallShield ->  [Folder | Modified Date = 22/02/2008 19:42:30 | Attr =	]
Intel -> C:\Documents and Settings\All Users\Application Data\Intel ->  [Folder | Modified Date = 11/07/2005 14:26:09 | Attr =	]
Kontiki -> C:\Documents and Settings\All Users\Application Data\Kontiki ->  [Folder | Modified Date = 29/10/2008 21:51:28 | Attr =	]
MailFrontier -> C:\Documents and Settings\All Users\Application Data\MailFrontier ->  [Folder | Modified Date = 02/11/2008 15:47:53 | Attr =	]
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes ->  [Folder | Modified Date = 01/11/2008 18:01:11 | Attr =	]
Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft ->  [Folder | Modified Date = 29/04/2008 19:51:48 | Attr =   S]
Microsoft Help -> C:\Documents and Settings\All Users\Application Data\Microsoft Help ->  [Folder | Modified Date = 16/10/2008 16:26:55 | Attr =	]
MSScanAppDataDir -> C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir ->  [Folder | Modified Date = 01/01/2007 21:25:53 | Attr =	]
Office Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage ->  [Folder | Modified Date = 26/04/2007 17:32:11 | Attr =	]
QuickTime -> C:\Documents and Settings\All Users\Application Data\QuickTime ->  [Folder | Modified Date = 25/11/2005 08:39:57 | Attr =	]
Right Hemisphere -> C:\Documents and Settings\All Users\Application Data\Right Hemisphere ->  [Folder | Modified Date = 16/05/2007 15:59:49 | Attr =	]
SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI ->  [Folder | Modified Date = 11/07/2005 16:27:00 | Attr =	]
ScanSoft -> C:\Documents and Settings\All Users\Application Data\ScanSoft ->  [Folder | Modified Date = 22/02/2008 19:42:16 | Attr =	]
Skype -> C:\Documents and Settings\All Users\Application Data\Skype ->  [Folder | Modified Date = 15/07/2007 20:35:58 | Attr =	]
Sony Corporation -> C:\Documents and Settings\All Users\Application Data\Sony Corporation ->  [Folder | Modified Date = 23/08/2005 23:12:25 | Attr =	]
Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 01/11/2008 21:46:36 | Attr =	]
SupportSoft -> C:\Documents and Settings\All Users\Application Data\SupportSoft ->  [Folder | Modified Date = 28/10/2007 11:52:32 | Attr =	]
Symantec -> C:\Documents and Settings\All Users\Application Data\Symantec ->  [Folder | Modified Date = 10/09/2008 19:53:20 | Attr =	]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP ->  [Folder | Modified Date = 02/11/2008 21:36:01 | Attr =	]
@Alternate Data Stream - 116 bytes -> %AllUsersProfile%\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 140 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
TomTom -> C:\Documents and Settings\All Users\Application Data\TomTom ->  [Folder | Modified Date = 05/03/2008 17:03:32 | Attr =	]
VAIO Media Platform -> C:\Documents and Settings\All Users\Application Data\VAIO Media Platform ->  [Folder | Modified Date = 23/08/2005 22:59:42 | Attr =	]
Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage ->  [Folder | Modified Date = 26/04/2006 16:24:54 | Attr =	]
WLInstaller -> C:\Documents and Settings\All Users\Application Data\WLInstaller ->  [Folder | Modified Date = 29/04/2008 19:50:40 | Attr =	]
Yahoo! Companion -> C:\Documents and Settings\All Users\Application Data\Yahoo! Companion ->  [Folder | Modified Date = 16/11/2006 20:31:28 | Attr =	]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks ->  [Folder | Modified Date = 01/11/2008 18:11:51 | Attr =   S]
AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 23/10/2008 17:45:02 | Attr =	]
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini ->  [Ver =  | Size = 65 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = RH ]
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 29/10/2008 21:52:19 | Attr =  H ]
[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Administrator\ntuser.dat, 0
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
< Document and Settings folder & sub folders >
scanning hidden files ...
disk error: C:\Documents and Settings\
please note that you need administrator rights to perform deep scan

< End of report >

Attached Files



#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:59 PM

Posted 02 November 2008 - 05:11 PM

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 smackie

smackie
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:59 PM

Posted 03 November 2008 - 12:20 PM

kahdah, again thanks for the assistance.

Downloaded and ran combofix as requested, needed to download windows recovery console. Clicked yes to continue scanning for malware. Combofix had a warning saying there was rootkit activity and it needed to reboot. Machine rebooted into normal windows,
then combofix ran again, deleted a number of files and the machine rebooted and produced the following combofix log :-

The machine is back up and running in normal windows now, is there anything else I need to do?

ComboFix 08-11-02.05 - Simon Maxted 2008-11-03 16:52:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1101 [GMT 0:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_003229_.tmp.dll
c:\windows\system32\_003230_.tmp.dll
c:\windows\system32\_003231_.tmp.dll
c:\windows\system32\_003232_.tmp.dll
c:\windows\system32\_003239_.tmp.dll
c:\windows\system32\_003241_.tmp.dll
c:\windows\system32\_003242_.tmp.dll
c:\windows\system32\_003244_.tmp.dll
c:\windows\system32\_003245_.tmp.dll
c:\windows\system32\_003248_.tmp.dll
c:\windows\system32\_003249_.tmp.dll
c:\windows\system32\_003251_.tmp.dll
c:\windows\system32\_003252_.tmp.dll
c:\windows\system32\_003253_.tmp.dll
c:\windows\system32\_003255_.tmp.dll
c:\windows\system32\_003258_.tmp.dll
c:\windows\system32\_003259_.tmp.dll
c:\windows\system32\_003263_.tmp.dll
c:\windows\system32\_003264_.tmp.dll
c:\windows\system32\_003266_.tmp.dll
c:\windows\system32\_003269_.tmp.dll
c:\windows\system32\_003271_.tmp.dll
c:\windows\system32\_003273_.tmp.dll
c:\windows\system32\_003274_.tmp.dll
c:\windows\system32\_003275_.tmp.dll
c:\windows\system32\_003278_.tmp.dll
c:\windows\system32\_003279_.tmp.dll
c:\windows\system32\_003280_.tmp.dll
c:\windows\system32\_003281_.tmp.dll
c:\windows\system32\_003282_.tmp.dll
c:\windows\system32\_003287_.tmp.dll
c:\windows\system32\_003289_.tmp.dll
c:\windows\system32\_003290_.tmp.dll
c:\windows\system32\Drivers\TDSSmhct.sys
c:\windows\system32\drivers\TDSSoiqh.sys
c:\windows\system32\drivers\TDSSpqxt.sys
c:\windows\system32\TDSSbivk.log
c:\windows\system32\TDSSbqbx.dll
c:\windows\system32\TDSSbrsr.dll
c:\windows\system32\TDSSbubx.log
c:\windows\system32\TDSScbqp.dll
c:\windows\system32\TDSScfum.dll
c:\windows\system32\TDSSivbj.dll
c:\windows\system32\TDSSjllx.log
c:\windows\system32\TDSSkpjp.dll
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSnmxh.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSSoiqh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSosvd.dll
c:\windows\system32\TDSSosvn.dll
c:\windows\system32\TDSSpqlt.dat
c:\windows\system32\TDSSrdym.dll
c:\windows\system32\TDSSrhym.dll
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsihl.dat
c:\windows\system32\TDSStkdv.dll
c:\windows\system32\TDSSuyfh.log
c:\windows\system32\TDSSxfum.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv
-------\Legacy_TDSSserv
-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-10-03 to 2008-11-03 )))))))))))))))))))))))))))))))
.

2008-11-03 16:46 . 2008-11-03 17:07 305,184 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-03 16:46 . 2008-11-03 17:01 5,432 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-02 16:08 . 2008-11-02 16:08 <DIR> d-------- c:\program files\ZoneAlarmSB
2008-11-02 15:47 . 2008-11-02 15:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2008-11-02 15:47 . 2008-07-09 09:05 75,248 --a------ c:\windows\zllsputility.exe
2008-11-02 15:47 . 2004-04-27 04:40 11,264 --a------ c:\windows\system32\SpOrder.dll
2008-11-02 15:47 . 2008-11-02 16:08 4,212 ---h----- c:\windows\system32\zllictbl.dat
2008-11-02 15:46 . 2008-11-02 15:47 <DIR> d-------- c:\windows\system32\ZoneLabs
2008-11-02 15:46 . 2008-11-02 15:46 <DIR> d-------- c:\program files\Zone Labs
2008-11-02 15:46 . 2008-07-09 09:05 1,086,952 --a------ c:\windows\system32\zpeng24.dll
2008-11-02 15:46 . 2008-11-03 17:07 352,918 --a------ c:\windows\system32\vsconfig.xml
2008-11-02 15:01 . 2008-11-03 16:49 <DIR> d-------- c:\windows\Internet Logs
2008-11-01 20:26 . 2008-11-01 20:26 <DIR> d-------- c:\program files\Trend Micro
2008-11-01 18:55 . 2008-11-01 18:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-01 18:55 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-01 18:55 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-01 18:01 . 2008-11-01 18:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-01 18:01 . 2008-11-01 18:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-11-01 17:57 . 2008-11-01 18:51 <DIR> d-------- c:\program files\AntiMalware Pro
2008-11-01 11:01 . 2008-11-01 11:01 <DIR> d-------- c:\program files\Alwil Software
2008-10-29 18:49 . 2008-10-29 18:49 26,624 --a------ c:\windows\system32\TDSSfpmp.dll
2008-10-29 18:49 . 2008-10-29 18:49 26,624 --a------ c:\windows\system32\TDSSciou.dll
2008-10-29 18:46 . 2008-10-29 18:46 26,624 --a------ c:\windows\system32\TDSSnrse.dll
2008-10-25 08:26 . 2008-11-02 21:36 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-10-24 23:21 . 2008-10-24 23:21 <DIR> d-------- c:\windows\system32\scripting
2008-10-24 23:21 . 2008-10-24 23:21 <DIR> d-------- c:\windows\system32\en
2008-10-24 23:21 . 2008-10-24 23:21 <DIR> d-------- c:\windows\system32\bits
2008-10-24 23:21 . 2008-10-24 23:21 <DIR> d-------- c:\windows\l2schemas
2008-10-24 23:19 . 2008-10-24 23:19 <DIR> d-------- c:\windows\ServicePackFiles
2008-10-24 22:31 . 2008-10-24 22:29 608,344 --a------ c:\documents and settings\Simon Maxted\MCPR.exe
2008-10-24 21:35 . 2008-10-24 23:16 <DIR> d-------- c:\windows\EHome
2008-10-24 20:53 . 2005-07-11 16:38 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2008-10-24 20:53 . 2005-08-23 22:56 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Sony Corporation
2008-10-24 20:53 . 2008-10-24 20:53 <DIR> d-------- c:\documents and settings\Administrator
2008-10-24 12:12 . 2008-10-15 16:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-24 12:06 . 2008-10-31 13:35 <DIR> d-------- c:\program files\Spyware Doctor
2008-10-24 12:06 . 2005-09-23 06:29 626,688 --a------ c:\windows\system32\msvcr80.dll
2008-10-24 12:06 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-10-24 12:06 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-10-24 12:06 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-10-24 12:06 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-10-21 19:51 . 2006-03-03 10:07 143,360 --a------ c:\windows\system32\dunzip32.dll
2008-10-15 19:26 . 2008-09-15 12:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-15 19:26 . 2008-09-08 10:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 19:25 . 2008-08-14 10:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 19:25 . 2008-08-14 10:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 19:25 . 2008-08-14 09:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 19:25 . 2008-08-14 09:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-03 17:07 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2008-11-01 21:46 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-01 21:46 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-01 12:35 --------- d-----w c:\program files\dvpcibca
2008-10-29 21:18 --------- d-----w c:\program files\TomTom HOME 2
2008-10-16 16:26 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-09-10 20:35 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-09-10 19:53 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-09-10 18:36 --------- d-----w c:\program files\Sky Broadband
2008-09-09 18:04 --------- d-----w c:\program files\Microsoft Works
2008-09-09 18:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-09 18:02 --------- d-----w c:\program files\DK Multimedia
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-09-06 17:51 --------- d-----w c:\program files\MoodLogic
2006-12-17 15:07 0 -c--a-w c:\documents and settings\Vicky Evans\Application Data\wklnhst.dat
2006-07-11 20:44 103 -c--a-w c:\documents and settings\All Users\license.dat
2006-06-27 20:43 490 -c--a-w c:\documents and settings\Jessica Maxted\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2004-06-07 2498560]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"Jessops Insert Detect"="c:\program files\Jessops\Picture Suite\InsDetect.exe" [2003-02-17 262144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-02-18 206184]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-09 6746112]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-29 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-29 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-29 114688]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 184320]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"PDService.exe"="c:\program files\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 40960]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 c:\windows\RTHDCPL.EXE]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Vicky Evans\Start Menu\Programs\Startup\
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [8/23/2005 11:03:18 PM 778240]

c:\documents and settings\Jessica Maxted\Start Menu\Programs\Startup\
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [8/23/2005 11:03:18 PM 778240]

c:\documents and settings\Thomas Maxted\Start Menu\Programs\Startup\
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [8/23/2005 11:03:18 PM 778240]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [8/23/2005 11:03:18 PM 778240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [11/25/2005 11:21:47 AM 962660]
TrayMin315.exe.lnk - c:\program files\Philips\Philips SPC315NC Webcam\TrayMin315.exe [7/24/2007 3:33:17 PM 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 16:42 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 PrivateDisk;PrivateDisk;c:\windows\system32\Drivers\PrivateDiskM.sys [2004-07-06 45627]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 7520337]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;c:\program files\Sony\Image Converter 2\IcVzMon.exe [2005-04-05 32768]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 311872]
.
Contents of the 'Scheduled Tasks' folder

2008-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-a-squared - c:\program files\a-squared Anti-Malware\a2guard.exe
SafeBoot-TDSSmhct.sys


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O9 -: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
O9 -: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com -
O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 17:05:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Kontiki\KService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-11-03 17:12:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-03 17:11:58

Pre-Run: 6,610,812,928 bytes free
Post-Run: 5,007,384,576 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

309 --- E O F --- 2008-11-03 16:50:46

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:59 PM

Posted 03 November 2008 - 12:45 PM

Yep just a bit more to do then you will be on your way. :thumbsup:
==============
Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    c:\program files\AntiMalware Pro
    c:\windows\system32\TDSSfpmp.dll
    c:\windows\system32\TDSSciou.dll
    c:\windows\system32\TDSSnrse.dll

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
===================================
Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#7 smackie

smackie
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:59 PM

Posted 03 November 2008 - 01:45 PM

OK kahdah,

Downloaded OTMoveIT3 and ran as requested, pasted code into box and hit MoveIt! There was one error 'The application or DLL c:\windows\system32\TDSSciou.dll is not a valid Windows image. Please check this against your installation diskette. Wasn't asked to reboot the machine.........Here is the report :-

========== FILES ==========
c:\program files\AntiMalware Pro moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSfpmp.dll NOT unregistered.
c:\windows\system32\TDSSfpmp.dll moved successfully.
LoadLibrary failed for c:\windows\system32\TDSSciou.dll
c:\windows\system32\TDSSciou.dll NOT unregistered.
c:\windows\system32\TDSSciou.dll moved successfully.
LoadLibrary failed for c:\windows\system32\TDSSnrse.dll
c:\windows\system32\TDSSnrse.dll NOT unregistered.
c:\windows\system32\TDSSnrse.dll moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11032008_182627

Downloaded the latest version of Java to run Kapersky online scanner, but the scanner keeps saying you need the latest version.
When I check the Java version on the Sun site it says that I have the latest version, tried closing all internet explorer windows and
restarting the browser but get the same message each time. Do I need to try a reboot?

Edited by smackie, 04 November 2008 - 01:56 AM.


#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:59 PM

Posted 04 November 2008 - 05:04 AM

HI yes you will have to restat Internet Explorer to get it to reflect the changes.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#9 smackie

smackie
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:59 PM

Posted 04 November 2008 - 07:23 AM

kahdah,

Will reboot machine and post results when I get home tonight. Thanks for the help again.

#10 smackie

smackie
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:59 PM

Posted 04 November 2008 - 11:48 AM

kahdah, have rebooted machine but still can't run the Kapersky online scanner. Have enabled Java in internet explorer and restarted the browser but still can't run it. Is there another online scanner I can use?

Thanks.

#11 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:59 PM

Posted 04 November 2008 - 08:44 PM

Yes please try this one:

Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#12 smackie

smackie
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:59 PM

Posted 05 November 2008 - 01:33 PM

kahdah,

Have run the Panda total scan and here is the result :-

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-11-05 18:29:50
PROTECTIONS: 1
MALWARE: 16
SUSPECTS: 4
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Zone Alarm Security Suite 7.0.483.000 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Simon Maxted\Cookies\simon_maxted@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Simon Maxted\Cookies\simon_maxted@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Simon Maxted\Cookies\simon_maxted@atdmt[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Simon Maxted\Cookies\simon_maxted@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Simon Maxted\Cookies\simon_maxted@ad.yieldmanager[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Simon Maxted\Cookies\simon_maxted@advertising[1].txt
00431239 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSrhym.dll.vir
00431239 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{EE8B4CBF-618C-47CB-973B-B509954157CB}\RP2\A0000052.dll
00431267 Bck/TDSS.A Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSmhct.sys.vir
00431267 Bck/TDSS.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EE8B4CBF-618C-47CB-973B-B509954157CB}\RP2\A0000048.sys
00437516 Rootkit/Alureon.G HackTools No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSoiqh.sys.vir
00438759 Bck/Tdss.C Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSnmxh.dll.vir
00438776 Bck/Tdss.C Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSbqbx.dll.vir
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{EE8B4CBF-618C-47CB-973B-B509954157CB}\RP2\A0000082.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{EE8B4CBF-618C-47CB-973B-B509954157CB}\RP2\A0000062.sys
03939300 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{EE8B4CBF-618C-47CB-973B-B509954157CB}\RP2\A0000051.dll
03939300 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoiqh.dll.vir
03939303 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSxfum.dll.vir
03939303 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{EE8B4CBF-618C-47CB-973B-B509954157CB}\RP2\A0000054.dll
03939308 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSbrsr.dll.vir
03939308 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{EE8B4CBF-618C-47CB-973B-B509954157CB}\RP2\A0000049.dll
03939308 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSrdym.dll.vir
03939308 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSofxh.dll.vir
03939310 Adware/UltimateDefender Adware No 0 Yes No C:\System Volume Information\_restore{EE8B4CBF-618C-47CB-973B-B509954157CB}\RP2\A0000053.dll
03939310 Adware/UltimateDefender Adware No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSStkdv.dll.vir
03939310 Adware/UltimateDefender Adware No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSriqp.dll.vir
03939310 Adware/UltimateDefender Adware No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSosvd.dll.vir
04028478 Generic Malware Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSpqxt.sys.vir
;===================================================================================================================================================================================
SUSPECTS
Sent Location J
;===================================================================================================================================================================================
No C:\Documents and Settings\Administrator\Desktop\ComboFix.exe J
No C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[32788R22FWJFW\psexec.cfexe] J
No C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[32788R22FWJFW\psexec.cfexe] J
No C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[32788R22FWJFW\psexec.cfexe] J
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description J
;===================================================================================================================================================================================
;===================================================================================================================================================================================

#13 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:59 PM

Posted 06 November 2008 - 05:45 AM

Looks great can I see a fresh Hijackthis log and we will wrap it up.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#14 smackie

smackie
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:59 PM

Posted 06 November 2008 - 11:47 AM

kahdah,

Thanks, here is the Hijack this log file :-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:45:31, on 06/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Jessops\Picture Suite\InsDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Philips\Philips SPC315NC Webcam\TrayMin315.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC315NC Webcam
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Jessops Insert Detect] C:\Program Files\Jessops\Picture Suite\InsDetect.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: TrayMin315.exe.lnk = ?
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk...ows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 16011 bytes

#15 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:59 PM

Posted 06 November 2008 - 01:09 PM

Hi do you see Avast icon running next to your clock?
If not then re-install it.
=================
Cleanup:

Please download OT CLeanit from Here save it to your desktop.
Double click on OT Clean it to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Use a Firewall:

Install and use a firewall with outbound protection
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers
I therefore strongly recommend that you install one of the following free firewalls: Sunbelt Free Firewall or Zonealarm
See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here
Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.


=============================
Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that your log is clean. :thumbsup:

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users