
Virus problem


16 replies to this topic

#1 dzm

dzm

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:21 AM

Posted 24 January 2009 - 05:05 AM

Hi, all. I'm having difficulty with one virus, and that is "net-worm.win32.kido.ih". I use ZoneAlarm Security Suite and it cannot be deleted; ZA Suite only reports that I have it. When I try to delete it on reboot it seems to delete it, but it multiplies and I can't trace it. Is there any help with this?
Sorry for my bad English.
Regards from Serbia



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,221 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:21 PM

Posted 24 January 2009 - 10:38 AM

Hello dzm, I'll try to stick with you. Please run an MBAM scan below and return the log, thanks.

Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 dzm


Posted 25 January 2009 - 05:25 AM

Unfortunately my system has gone down so I needed to put a fresh one on, and after that it showed me no infections, but this morning it restarted all the time (I wasn't able to access Windows). I tried to go to safe mode but it still restarted again. Then I used Hiren's boot disk to check my hard drive, and in partition manager when I checked the "c" drive for errors I had none but one: "partition has been dismounted...", so I had to install a new system again :thumbsup: . Now Malwarebytes is showing no infections on my computer, but I'm very concerned that this problem will reappear next morning. What should I do?
I forgot to say that this is happening on my server in a PC club.

Edited by dzm, 25 January 2009 - 05:26 AM.


#4 boopme


Posted 25 January 2009 - 12:48 PM

The best procedure is a low level format. This completely wipes the drive. Then reinstall the OS. This guarantees it to be gone.
Use the free version of KillDisk.

One of the best sources of Information on Format and Install is http://www.michaelstevenstech.com/

#5 dzm


Posted 27 January 2009 - 05:34 AM

Well, I'm here again. Thanks for the advice about KillDisk. I ran it, formatted c: and installed a fresh copy of Windows. After that I installed ZoneAlarm SecuritySuite 7.0.462 and scanned my PC, but it found net-worm.win32.kido.ih again; ZoneAlarm renamed it. I installed drivers from CDs and programs on my HDD, but I scanned them first; some of them had infections but ZA repaired them. Was it safe to run them after that? Now net-worm.win32.kido.ih has spread on my c: drive again. Malwarebytes has shown no malware on my system. Here's the log:

Malwarebytes' Anti-Malware 1.33
Database version: 1698
Windows 5.1.2600 Service Pack 1

1/27/2009 11:32:53 AM
mbam-log-2009-01-27 (11-32-53).txt

Scan type: Quick Scan
Objects scanned: 41488
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 boopme


Posted 27 January 2009 - 10:32 AM

Let's get a look with SAS too, please.

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Please ask any needed questions, post the log and let us know how the PC is running now.

#7 dzm


Posted 28 January 2009 - 04:38 AM

HERE'S THE LOG:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/28/2009 at 10:23 AM

Application Version : 4.25.1012

Core Rules Database Version : 3732
Trace Rules Database Version: 1702

Scan type : Complete Scan
Total Scan Time : 00:07:16

Memory items scanned : 194
Memory threats detected : 0
Registry items scanned : 3193
Registry threats detected : 0
File items scanned : 12925
File threats detected : 10

Adware.Tracking Cookie
C:\Documents and Settings\As\Cookies\as@2o7[1].txt
C:\Documents and Settings\As\Cookies\as@doubleclick[1].txt
C:\Documents and Settings\As\Cookies\as@cgm.adbureau[2].txt
C:\Documents and Settings\As\Cookies\as@adbureau[1].txt
C:\Documents and Settings\As\Cookies\as@pornhub[2].txt
C:\Documents and Settings\As\Cookies\as@www.pornhub[2].txt
C:\Documents and Settings\As\Cookies\as@msnportal.112.2o7[1].txt
C:\Documents and Settings\As\Cookies\as@questionmarket[1].txt
C:\Documents and Settings\As\Cookies\as@mediaplex[2].txt
C:\Documents and Settings\As\Cookies\as@atdmt[2].txt

I can see that pornhub is there but I never go to sites of that kind....

Edited by dzm, 28 January 2009 - 04:39 AM.


#8 dzm


Posted 28 January 2009 - 04:57 AM

Do you need log from Zone alarm?

#9 boopme


Posted 28 January 2009 - 10:40 AM

Yes please, as these are only tracking cookies. I would like to see where it is, thanks.

#10 dzm


Posted 29 January 2009 - 03:23 AM

Here:
ZoneAlarm Logging Client v7.0.462.000
Windows XP-5.1.2600-Service Pack 1-SMP
type,date,time,source,destination,transport (Security)
type,date,time,virus name,file name,mode,e-mail id (Anti-Virus)
type,date,time,source,destination,action,service (IM Security)
type,date,time,source,destination,program,action (Malicious Code Protection)
type,date,time,action,product,file,event,subevent,class,data,data,... (OSFirewall)
type,date,time,name,type,mode (Anti-Spyware)
AV/scan,2009/01/28,14:31:00 +1:00 GMT,Multiple Files,Scan Cancelled,Manual
AV/treatment,2009/01/28,14:32:34 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\jumgjuzl[1].gif,File Repair Failed,Auto
,2009/01/28,14:32:56 +1:00 GMT,
AV/treatment,2009/01/28,14:32:56 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\jumgjuzl[1].gif,File Repair Failed,Auto
,2009/01/28,14:32:56 +1:00 GMT,
,2009/01/28,14:32:56 +1:00 GMT,
AV/treatment,2009/01/28,14:32:56 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\jumgjuzl[1].gif,File Repair Failed,Auto
,2009/01/28,14:32:56 +1:00 GMT,
AV/treatment,2009/01/28,14:33:14 +1:00 GMT,,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\jumgjuzl[1].gif,Rename Failed,Manual
AV/scan,2009/01/28,14:33:14 +1:00 GMT,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\jumgjuzl[1].gif,Scan Completed,Manual
AV/treatment,2009/01/28,14:33:14 +1:00 GMT,,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\jumgjuzl[1].gif,Delete Failed,Manual
AV/scan,2009/01/28,14:33:14 +1:00 GMT,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\jumgjuzl[1].gif,Scan Completed,Manual
AV/treatment,2009/01/28,14:33:16 +1:00 GMT,,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\jumgjuzl[1].gif,Deleted on Reboot,Manual
AV/treatment,2009/01/28,14:43:56 +1:00 GMT,,,,Auto
OSFW,2009/01/28,14:44:06 +1:00 GMT,UNKNOWN(0),Steam,D:\Heroes3\Data\hl2\SteamTmp.exe,PROCESS,SPAWNPROCESS,SRC,D:\Heroes3\Data\hl2\Steam.exe,e2f041f2-09d4adda-9882778a-11eab922,ab922,8b-935db43d
AV/treatment,2009/01/28,15:02:42 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\zrjzww[1].jpg,File Repair Failed,Auto
,2009/01/28,15:03:04 +1:00 GMT,
AV/treatment,2009/01/28,15:03:04 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\zrjzww[1].jpg,File Repair Failed,Auto
,2009/01/28,15:03:04 +1:00 GMT,
AV/treatment,2009/01/28,15:03:04 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\zrjzww[1].jpg,File Repair Failed,Auto
,2009/01/28,15:03:04 +1:00 GMT,
AV/treatment,2009/01/28,15:53:08 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VU61W6SX\hdkru[1].bmp,File Repair Failed,Auto
,2009/01/28,15:54:30 +1:00 GMT,
AV/treatment,2009/01/28,15:54:30 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VU61W6SX\hdkru[1].bmp,File Repair Failed,Auto
,2009/01/28,15:54:30 +1:00 GMT,
AV/treatment,2009/01/28,15:54:30 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VU61W6SX\hdkru[1].bmp,File Repair Failed,Auto
,2009/01/28,15:54:32 +1:00 GMT,
AV/treatment,2009/01/28,15:54:56 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B8LVGQEQ\dpjia[1].bmp,File Repair Failed,Auto
,2009/01/28,15:56:22 +1:00 GMT,
AV/treatment,2009/01/28,15:56:22 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B8LVGQEQ\dpjia[1].bmp,File Repair Failed,Auto
,2009/01/28,15:56:24 +1:00 GMT,
AV/treatment,2009/01/28,15:56:24 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B8LVGQEQ\dpjia[1].bmp,File Repair Failed,Auto
,2009/01/28,15:56:24 +1:00 GMT,
AV/treatment,2009/01/28,15:56:24 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B8LVGQEQ\dpjia[1].bmp,File Repair Failed,Auto
,2009/01/28,15:56:24 +1:00 GMT,
AV/treatment,2009/01/28,15:56:24 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B8LVGQEQ\dpjia[1].bmp,File Repair Failed,Auto
,2009/01/28,15:56:24 +1:00 GMT,
AV/update,2009/01/28,16:28:28 +1:00 GMT,,Update Install Completed,Auto
AV/treatment,2009/01/28,16:29:02 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VXYV3TCU\pavfehn[1].png,File Repair Failed,Auto
,2009/01/28,16:29:32 +1:00 GMT,
AV/treatment,2009/01/28,16:29:32 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VXYV3TCU\pavfehn[1].png,File Repair Failed,Auto
,2009/01/28,16:29:32 +1:00 GMT,
AV/treatment,2009/01/28,16:59:24 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\yvypyd[1].gif,File Repair Failed,Auto
,2009/01/28,16:59:56 +1:00 GMT,
AV/treatment,2009/01/28,16:59:56 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\yvypyd[1].gif,File Repair Failed,Auto
,2009/01/28,16:59:56 +1:00 GMT,
AV/treatment,2009/01/28,17:09:12 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\System32\x,File Repair Failed,Auto
,2009/01/28,17:09:40 +1:00 GMT,
AV/treatment,2009/01/28,17:09:40 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VU61W6SX\tyxwo[1].gif,File Repair Failed,Auto
,2009/01/28,17:09:46 +1:00 GMT,
AV/treatment,2009/01/28,17:09:46 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\x,File Repair Failed,Auto
,2009/01/28,17:09:46 +1:00 GMT,
AV/treatment,2009/01/28,17:29:38 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B8LVGQEQ\zrjzww[1].gif,File Repair Failed,Auto
,2009/01/28,17:31:00 +1:00 GMT,
AV/treatment,2009/01/28,17:31:00 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\System32\x,File Repair Failed,Auto
,2009/01/28,17:31:06 +1:00 GMT,
AV/treatment,2009/01/28,17:31:06 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B8LVGQEQ\zrjzww[1].gif,File Repair Failed,Auto
,2009/01/28,17:31:06 +1:00 GMT,
AV/treatment,2009/01/28,17:31:06 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\x,File Repair Failed,Auto
,2009/01/28,17:31:06 +1:00 GMT,
AV/treatment,2009/01/28,17:34:46 +1:00 GMT,,,,Auto
AV/treatment,2009/01/28,17:58:02 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VXYV3TCU\qxjjjcro[1].bmp,File Repair Failed,Auto
,2009/01/28,17:58:30 +1:00 GMT,
AV/treatment,2009/01/28,17:58:30 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VXYV3TCU\qxjjjcro[1].bmp,File Repair Failed,Auto
,2009/01/28,17:58:30 +1:00 GMT,
AV/treatment,2009/01/28,17:58:56 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\System32\x,File Repair Failed,Auto
,2009/01/28,17:59:02 +1:00 GMT,
AV/treatment,2009/01/28,17:59:08 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\npqs[1].bmp,File Repair Failed,Auto
,2009/01/28,17:59:14 +1:00 GMT,
AV/treatment,2009/01/28,17:59:22 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\System32\x,File Repair Failed,Auto
,2009/01/28,17:59:28 +1:00 GMT,
AV/treatment,2009/01/28,17:59:34 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VU61W6SX\sexasc[1].bmp,File Repair Failed,Auto
,2009/01/28,17:59:40 +1:00 GMT,
AV/treatment,2009/01/28,18:00:48 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B8LVGQEQ\jhicu[1].png,File Repair Failed,Auto
,2009/01/28,18:00:54 +1:00 GMT,
AV/treatment,2009/01/28,18:00:54 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B8LVGQEQ\jhicu[1].png,File Repair Failed,Auto
,2009/01/28,18:00:56 +1:00 GMT,
AV/treatment,2009/01/28,18:00:56 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B8LVGQEQ\jhicu[1].png,File Repair Failed,Auto
,2009/01/28,18:00:56 +1:00 GMT,
AV/treatment,2009/01/28,18:26:24 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VXYV3TCU\avzk[1].png,File Repair Failed,Auto
,2009/01/28,18:26:54 +1:00 GMT,
AV/treatment,2009/01/28,18:26:54 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VXYV3TCU\avzk[1].png,File Repair Failed,Auto
,2009/01/28,18:26:54 +1:00 GMT,
AV/treatment,2009/01/28,18:26:54 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VXYV3TCU\avzk[1].png,File Repair Failed,Auto
,2009/01/28,18:26:54 +1:00 GMT,
AV/treatment,2009/01/28,19:07:34 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\pavfehn[1].bmp,File Repair Failed,Auto
,2009/01/28,19:08:12 +1:00 GMT,
AV/treatment,2009/01/28,19:22:44 +1:00 GMT,,,,Auto
AV/treatment,2009/01/28,19:30:30 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VU61W6SX\tyxwo[1].gif,File Repair Failed,Auto
,2009/01/28,19:31:06 +1:00 GMT,
AV/treatment,2009/01/28,19:31:06 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VU61W6SX\tyxwo[1].gif,File Repair Failed,Auto
,2009/01/28,19:31:06 +1:00 GMT,
AV/update,2009/01/28,19:34:58 +1:00 GMT,,Update Install Completed,Auto
AV/treatment,2009/01/28,20:01:06 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VU61W6SX\zrjzww[1].jpg,File Repair Failed,Auto
,2009/01/28,20:01:38 +1:00 GMT,
AV/treatment,2009/01/28,20:01:38 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VU61W6SX\zrjzww[1].jpg,File Repair Failed,Auto
,2009/01/28,20:01:38 +1:00 GMT,
AV/treatment,2009/01/28,20:01:38 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VU61W6SX\zrjzww[1].jpg,File Repair Failed,Auto
,2009/01/28,20:01:40 +1:00 GMT,
AV/treatment,2009/01/28,20:16:16 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\System32\x,File Repair Failed,Auto
,2009/01/28,20:16:24 +1:00 GMT,
AV/treatment,2009/01/28,20:16:30 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\qxjjjcro[1].bmp,File Repair Failed,Auto
,2009/01/28,20:16:38 +1:00 GMT,
AV/treatment,2009/01/28,20:16:38 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VXYV3TCU\sexasc[1].png,File Repair Failed,Auto
,2009/01/28,20:16:44 +1:00 GMT,
AV/treatment,2009/01/28,20:16:44 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VXYV3TCU\sexasc[1].png,File Repair Failed,Auto
,2009/01/28,20:16:46 +1:00 GMT,
AV/treatment,2009/01/28,20:16:46 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VXYV3TCU\sexasc[1].png,File Repair Failed,Auto
,2009/01/28,20:16:46 +1:00 GMT,
AV/treatment,2009/01/28,20:16:46 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VXYV3TCU\sexasc[1].png,File Repair Failed,Auto
,2009/01/28,20:16:46 +1:00 GMT,
AV/treatment,2009/01/28,21:09:38 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\System32\x,File Repair Failed,Auto
,2009/01/28,21:09:48 +1:00 GMT,
AV/treatment,2009/01/28,21:09:52 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VU61W6SX\avzk[1].png,File Repair Failed,Auto
,2009/01/28,21:09:58 +1:00 GMT,
AV/treatment,2009/01/28,21:24:52 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VXYV3TCU\balwxp[1].jpg,File Repair Failed,Auto
,2009/01/28,21:24:52 +1:00 GMT,
AV/treatment,2009/01/28,21:24:52 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VXYV3TCU\balwxp[1].jpg,File Repair Failed,Auto
,2009/01/28,21:24:52 +1:00 GMT,
AV/treatment,2009/01/28,21:24:52 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VXYV3TCU\balwxp[1].jpg,File Repair Failed,Auto
,2009/01/28,21:24:52 +1:00 GMT,
AV/treatment,2009/01/28,21:41:22 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B8LVGQEQ\pavfehn[1].bmp,File Repair Failed,Auto
,2009/01/28,21:41:22 +1:00 GMT,
AV/treatment,2009/01/28,21:41:22 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B8LVGQEQ\pavfehn[1].bmp,File Repair Failed,Auto
,2009/01/28,21:41:22 +1:00 GMT,
AV/treatment,2009/01/28,21:41:22 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B8LVGQEQ\pavfehn[1].bmp,File Repair Failed,Auto
,2009/01/28,21:41:30 +1:00 GMT,
AV/treatment,2009/01/28,22:02:40 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\cqijvyf[1].jpg,File Repair Failed,Auto
,2009/01/28,22:03:24 +1:00 GMT,
AV/treatment,2009/01/28,22:03:24 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\cqijvyf[1].jpg,File Repair Failed,Auto
,2009/01/28,22:03:24 +1:00 GMT,
AV/update,2009/01/28,22:28:24 +1:00 GMT,,Update Install Completed,Auto
AV/treatment,2009/01/28,23:47:16 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VXYV3TCU\balwxp[1].jpg,File Repair Failed,Auto
,2009/01/28,23:47:38 +1:00 GMT,
AV/treatment,2009/01/28,23:47:38 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\System32\x,File Repair Failed,Auto
,2009/01/28,23:47:46 +1:00 GMT,
AV/treatment,2009/01/28,23:47:46 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VXYV3TCU\balwxp[2].jpg,File Repair Failed,Auto
,2009/01/28,23:47:52 +1:00 GMT,
AV/treatment,2009/01/28,23:47:52 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\x,File Repair Failed,Auto
,2009/01/28,23:47:52 +1:00 GMT,
AV/treatment,2009/01/29,00:39:30 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\System32\x,File Repair Failed,Auto
,2009/01/29,00:40:06 +1:00 GMT,
AV/treatment,2009/01/29,00:40:06 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VXYV3TCU\cqijvyf[1].gif,File Repair Failed,Auto
,2009/01/29,00:40:12 +1:00 GMT,
AV/treatment,2009/01/29,00:40:12 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VXYV3TCU\cqijvyf[1].gif,File Repair Failed,Auto
,2009/01/29,00:40:12 +1:00 GMT,
AV/treatment,2009/01/29,00:40:12 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\x,File Repair Failed,Auto
,2009/01/29,00:40:12 +1:00 GMT,
AV/update,2009/01/29,01:29:04 +1:00 GMT,,Update Install Completed,Auto
AV/treatment,2009/01/29,02:04:42 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\mcfuzby[1].png,File Repair Failed,Auto
,2009/01/29,02:05:12 +1:00 GMT,
AV/treatment,2009/01/29,02:05:12 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\mcfuzby[1].png,File Repair Failed,Auto
,2009/01/29,02:05:12 +1:00 GMT,
AV/treatment,2009/01/29,03:05:06 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\cqijvyf[1].gif,File Repair Failed,Auto
,2009/01/29,03:05:38 +1:00 GMT,
AV/treatment,2009/01/29,03:05:38 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\cqijvyf[1].gif,File Repair Failed,Auto
,2009/01/29,03:05:38 +1:00 GMT,
AV/treatment,2009/01/29,03:05:38 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ARYDABEH\cqijvyf[1].gif,File Repair Failed,Auto
,2009/01/29,03:05:38 +1:00 GMT,
AV/treatment,2009/01/29,04:15:12 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VXYV3TCU\fdea[1].gif,File Repair Failed,Auto
,2009/01/29,04:15:48 +1:00 GMT,
AV/treatment,2009/01/29,04:15:48 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VXYV3TCU\fdea[1].gif,File Repair Failed,Auto
,2009/01/29,04:16:38 +1:00 GMT,
AV/update,2009/01/29,04:28:40 +1:00 GMT,,Update Install Completed,Auto
AV/treatment,2009/01/29,04:47:10 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VU61W6SX\mcfuzby[1].gif,File Repair Failed,Auto
,2009/01/29,04:47:54 +1:00 GMT,
AV/treatment,2009/01/29,04:47:54 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VU61W6SX\mcfuzby[1].gif,File Repair Failed,Auto
,2009/01/29,04:47:54 +1:00 GMT,
AV/treatment,2009/01/29,04:47:54 +1:00 GMT,Net-Worm.Win32.Kido.ih,C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VU61W6SX\mcfuzby[1].gif,File Repair Failed,Auto
,2009/01/29,04:47:54 +1:00 GMT,
AV/treatment,2009/01/29,09:21:46 +1:00 GMT,,,,Auto

#11 dzm


Posted 30 January 2009 - 05:36 AM

Any news yet? Because it is my server in a PC club and it's choking my shared internet. I need a fast reply because I'm losing customers :thumbsup:

#12 boopme


Posted 30 January 2009 - 04:35 PM

You should update and run MBAM again, but with a Full scan so it scans all the drives.

#13 dzm


Posted 07 February 2009 - 05:56 AM

:flowers: I formatted every computer (9 PCs) on my network and now I'm having trouble with another infection :thumbsup: I can't access any antivirus sites or the Microsoft site. It drives me mad! How can I get rid of this? It would be nice of you people to tell me whether this infection spreads through the network, and if it does, how I can clean it. I have tried the steps from other posts with the same problem, and here are the logs:

GMER:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-07 10:49:48
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xF40C6040]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xF40C2930]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xF40CDA80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xF40C6510]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xF40CC870]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xF40CCAA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xF40CFFD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xF40C6600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xF40C2F20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xF40CE6E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xF40CE440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xF40CC580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xF40CE8B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xF40C2D70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xF40CC350]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xF40CC150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xF40CF250]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xF40CECB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xF40C5C00]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xF40CF080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xF40C6220]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xF40C3120]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xF40CE140]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xF40CCCD0]

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwCallbackReturn + 27C8 804FE090 12 Bytes [ 10, 65, 0C, F4, 70, C8, 0C, ... ]
? srescan.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\System32\svchost.exe[1164] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes JMP 01659DC2
.text C:\WINDOWS\System32\svchost.exe[1164] NETAPI32.dll!NetpwPathCanonicalize 71C22B51 5 Bytes JMP 01659D62
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes JMP 006D9DC2
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1836] kernel32.dll!SetUnhandledExceptionFilter 77E7E5A1 9 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F40CB320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F40CB1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F40CACA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F40CAE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F40CAE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F40CACA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F40CB320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F40CB1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F40CACA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F40CB320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F40CB1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F40CAE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F40CB320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F40CACA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F40CB1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F40CAE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F40CACA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F40CB1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F40CB320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F40D8330] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F40CACA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F40CAE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F40CB320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F40CB1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [F40C3670] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [F40C35C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [F40C3770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [F40C32D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- Devices - GMER 1.0.14 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \FileSystem\Fastfat \Fat B7DFA143
Device \FileSystem\Fastfat \Fat B7E0EAC6

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] norswdqg <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\norswdqg@DisplayName Config Task
Reg HKLM\SYSTEM\CurrentControlSet\Services\norswdqg@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\norswdqg@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\norswdqg@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\norswdqg@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\norswdqg@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\norswdqg@Description Provides system and desktop level support to the NVIDIA display driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\norswdqg\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\norswdqg\Parameters@ServiceDll C:\WINDOWS\System32\jgfyfd.dll
Reg HKLM\SYSTEM\ControlSet002\Services\norswdqg@DisplayName Config Task
Reg HKLM\SYSTEM\ControlSet002\Services\norswdqg@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\norswdqg@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\norswdqg@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\norswdqg@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\norswdqg@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\norswdqg@Description Provides system and desktop level support to the NVIDIA display driver
Reg HKLM\SYSTEM\ControlSet002\Services\norswdqg\Parameters
Reg HKLM\SYSTEM\ControlSet002\Services\norswdqg\Parameters@ServiceDll C:\WINDOWS\System32\jgfyfd.dll

---- EOF - GMER 1.0.14 ----

OTSCANIT:


OTScanIt logfile created on: 2008-05-28 22:07:48
OTScanIt by OldTimer - Version 1.0.15.2	 Folder = C:\Documents and Settings\Administrator\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = )
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: yyyy-MM-dd
 
1023.00 Mb Total Physical Memory | 794.76 Mb Available Physical Memory | 77.69% Memory free
2.40 Gb Paging File | 2.32 Gb Available in Paging File | 96.66% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 49.98 Gb Free Space | 44.74% Space Free | Partition Type: NTFS
Drive D: | 7.96 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: All users

[Processes - Non-Microsoft Only]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.2 | Size = 374272 bytes | Modified Date = 2008-05-28 02:37:38 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4180 | Size = 495616 bytes | Modified Date = 2007-10-17 11:54:20 | Attr =	]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\SYSTEM32\ati2sgag.exe ->  [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 2007-10-16 20:05:00 | Attr =	]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.232 | Size = 238968 bytes | Modified Date = 2008-02-10 10:06:33 | Attr =	]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 22:31:10 | Attr =	]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 2008-01-26 11:47:02 | Attr =	]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 2008-01-26 11:47:02 | Attr =	]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 2008-01-26 11:47:02 | Attr =	]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 3.0.0.71 | Size = 55640 bytes | Modified Date = 2007-08-22 18:21:30 | Attr =	]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Stopped] -> %SystemRoot%\SYSTEM32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 1999-12-13 03:01:00 | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 17:56:48 | Attr =	]
(GBPoll) GoBack Polling Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Norton SystemWorks\Norton GoBack\GBPoll.exe -> Symantec Corporation [Ver = 4.11.371 | Size = 595632 bytes | Modified Date = 2005-11-14 08:24:04 | Attr = R  ]
(gusvc) Google Updater Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1407.beta | Size = 137200 bytes | Modified Date = 2008-05-24 18:53:47 | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 2005-04-03 23:41:10 | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(LiveUpdate) LiveUpdate [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_4.EXE -> Symantec Corporation [Ver = 3.4.1.232 | Size = 3220856 bytes | Modified Date = 2008-02-10 10:06:25 | Attr =	]
(LiveUpdate Notice) LiveUpdate Notice [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 2008-01-26 11:47:02 | Attr =	]
(MaxBackServiceInt) MaxBackServiceInt [Win32_Own | Auto | Stopped] ->  -> File not found
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 1.2.26.0 | Size = 143360 bytes | Modified Date = 2003-03-03 15:33:40 | Attr =	]
(NProtectService) Norton UnErase Protection [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -> Symantec Corporation [Ver = 19.0.1.8 | Size = 95832 bytes | Modified Date = 2005-11-03 17:08:01 | Attr =	]
(NSCService) Norton Protection Center Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 2006-12-15 12:36:28 | Attr =	]
(NTService1) MaxSyncService [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Maxtor\OneTouch\Utils\SyncServices.exe ->   [Ver = 1, 0, 0, 1 | Size = 106496 bytes | Modified Date = 2006-02-07 15:10:14 | Attr =	]
(PCTAVSvc) PC Tools AntiVirus Engine [Win32_Own | Auto | Stopped] -> %ProgramFiles%\PC Tools AntiVirus\PCTAVSvc.exe -> PC Tools Research Pty Ltd [Ver = 4, 0, 0, 26 | Size = 767888 bytes | Modified Date = 2008-03-05 08:37:32 | Attr =	]
(pr2ah4nc) DiRT Drivers Auto Removal (pr2ah4nc) [Win32_Own | Auto | Stopped] -> %SystemRoot%\SYSTEM32\pr2ah4nc.exe -> CODEMASTERS [Ver = 2.09 | Size = 410984 bytes | Modified Date = 2007-08-18 03:35:20 | Attr =	]
(ProtexisLicensing) ProtexisLicensing [Win32_Own | Auto | Stopped] -> %SystemRoot%\SYSTEM32\PSIService.exe ->  [Ver = 2.0.0.1 | Size = 177704 bytes | Modified Date = 2007-06-05 12:20:32 | Attr =	]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.40 | Size = 747912 bytes | Modified Date = 2008-02-01 12:55:54 | Attr =	]
(sdCoreService) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.74 | Size = 948616 bytes | Modified Date = 2008-02-01 12:55:56 | Attr =	]
(Speed Disk service) Speed Disk service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -> Symantec Corporation [Ver = 7.00.0.24 | Size = 176193 bytes | Modified Date = 2005-11-03 16:44:58 | Attr =	]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe ->  [Ver =  | Size = 1245064 bytes | Modified Date = 2008-02-25 22:06:30 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 107.0.4.2 | Size = 51048 bytes | Modified Date = 2008-01-26 11:47:22 | Attr =	]
CTDVDDet -> %ProgramFiles%\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe [C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE] -> Creative Technology Ltd [Ver = 1.0.2.0 | Size = 45056 bytes | Modified Date = 2002-09-30 03:00:00 | Attr =	]
CTSysVol -> %ProgramFiles%\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe] -> Creative Technology Ltd [Ver = 1.1.3.0 | Size = 49152 bytes | Modified Date = 2002-10-29 11:18:24 | Attr =	]
EPSON Stylus Photo RX700 Series -> %SystemRoot%\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATI9IE.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9IE.EXE /P31 "EPSON Stylus Photo RX700 Series" /O6 "USB001" /M "Stylus Photo RX700"] -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 98304 bytes | Modified Date = 2004-11-10 13:00:00 | Attr =	]
NeroFilterCheck -> %SystemRoot%\SYSTEM32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 2001-07-09 10:50:42 | Attr =	]
osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe ["C:\Program Files\Norton Internet Security\osCheck.exe"] -> Symantec Corporation [Ver = 15.5.0.32 | Size = 718704 bytes | Modified Date = 2008-02-07 16:49:38 | Attr =	]
PCTAVApp -> %ProgramFiles%\PC Tools AntiVirus\PCTAV.exe ["C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN] -> PC Tools Research Pty Ltd [Ver = 4, 0, 0, 26 | Size = 1238928 bytes | Modified Date = 2008-03-05 09:37:56 | Attr =	]
StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"] ->  [Ver =  | Size = 90112 bytes | Modified Date = 2006-11-10 11:35:24 | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> Google Inc. [Ver = 2.7.37.49 | Size = 443968 bytes | Modified Date = 2008-02-26 11:23:34 | Attr =	]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> Google Inc. [Ver = 2.7.37.49 | Size = 443968 bytes | Modified Date = 2008-02-26 11:23:34 | Attr =	]
< A Startup Folder > -> C:\Documents and Settings\A\Start Menu\Programs\Startup -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< K Startup Folder > -> C:\Documents and Settings\K\Start Menu\Programs\Startup -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 2007-05-30 22:29:58 | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500] > -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\SYSTEM32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4176 | Size = 122880 bytes | Modified Date = 2007-10-17 11:55:44 | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500] > -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> 
HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> 
HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> 
HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\SYSTEM32\DRIVERS\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 2004-08-04 15:59:52 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CDDVDW_SH-S203D________________SB00____\5&3892e308&0&0.0.0 [IDE\CdRomTSSTcorp_CDDVDW_SH-S203D________________SB00____\5&3892e308&0&0.0.0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 2007-05-04 19:08:52 | Attr =	]
Autorun.exe [MZ | ] -> D:\Autorun.exe [ CDFS ] -> Codemasters Software Co. [Ver = 1.0.0.1 | Size = 749568 bytes | Modified Date = 2007-05-20 05:32:23 | Attr = R  ]
autorun.inf [[autorun] | OPEN="autorun.exe" | icon="autorun.exe" | label="DIRT" |  | ] -> D:\autorun.inf [ CDFS ] ->  [Ver =  | Size = 67 bytes | Modified Date = 2007-05-01 20:26:01 | Attr = R  ]
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://www.dell.com -> 
HKEY_USERS\.DEFAULT\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://www.dell.com -> 
HKEY_USERS\S-1-5-18\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
HKEY_USERS\S-1-5-19\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-19\: Main\\Search Bar -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-19\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-20\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\] > -> -> 
HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4497 domain(s) found. -> 
36 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4507 domain(s) found. -> 
35 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 93 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4496 domain(s) found. -> 
35 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 93 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4496 domain(s) found. -> 
35 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 93 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\] > -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4507 domain(s) found. -> 
35 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\] > -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 93 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [Reg Error: Value  does not exist or could not be read.] -> Symantec Corporation [Ver = 2008.2.5.32 | Size = 349552 bytes | Modified Date = 2008-02-07 14:05:16 | Attr =	]
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\IDS\IPSBHO.dll [Symantec Intrusion Prevention] -> Symantec Corporation [Ver = 8.2.0.81 | Size = 116088 bytes | Modified Date = 2008-02-25 22:07:36 | Attr =	]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 1119, 1736 | Size = 654320 bytes | Modified Date = 2008-05-25 00:16:14 | Attr =	]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EpsonToolBandKicker Class] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Modified Date = 2004-02-10 13:08:58 | Attr =	]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\] > -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2008.2.5.32 | Size = 349552 bytes | Modified Date = 2008-02-07 14:05:16 | Attr =	]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Modified Date = 2004-02-10 13:08:58 | Attr =	]
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{5E638779-1818-4754-A595-EF1C63B87A56}:Exec -> %ProgramFiles%\Norton SystemWorks\Norton Cleanup\WCQuick.lnk [Express Cleanup] ->  [Ver =  | Size = 761 bytes | Modified Date = 2006-07-08 17:28:37 | Attr =	]
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 2008-01-09 15:01:48 | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] ->  [Web Browser Applet Control] -> File not found
CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton SystemWorks\Norton Cleanup\WCQuick.lnk [Express Cleanup] ->  [Ver =  | Size = 761 bytes | Modified Date = 2006-07-08 17:28:37 | Attr =	]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] ->  [Web Browser Applet Control] -> File not found
CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton SystemWorks\Norton Cleanup\WCQuick.lnk [Express Cleanup] ->  [Ver =  | Size = 761 bytes | Modified Date = 2006-07-08 17:28:37 | Attr =	]
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] ->  [Web Browser Applet Control] -> File not found
CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton SystemWorks\Norton Cleanup\WCQuick.lnk [Express Cleanup] ->  [Ver =  | Size = 761 bytes | Modified Date = 2006-07-08 17:28:37 | Attr =	]
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\] > -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] ->  [Web Browser Applet Control] -> File not found
CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton SystemWorks\Norton Cleanup\WCQuick.lnk [Express Cleanup] ->  [Ver =  | Size = 761 bytes | Modified Date = 2006-07-08 17:28:37 | Attr =	]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{0197378B-1A05-4AB8-93BA-CCAA0D3D90E7} ->	() -> 
{3A9AEB03-DEC7-4DB7-B644-D0CD9E952E72} ->	(Windows Mobile-based Device) -> 
{8D5137BF-3E31-4DC4-A6F8-0DB15C2CEB96} ->	(1394 Net Adapter) -> 
{A5B32C1C-80ED-4FD4-9AFA-569268D813EF} -> 203.23.211.11,203.23.211.11   (Intel(R) PRO/100 VE Network Connection) -> 
{B1091516-DF50-48FF-B7A3-136E52F05906} -> 203.23.211.11,203.23.211.11   (NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
Protocol_Catalog9\Catalog_Entries\000000000001 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000020 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000021 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000022 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000023 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000024 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000025 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000026 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000027 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000028 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000029 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000030 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000031 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000032 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000033 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000034 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000035 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000036 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000037 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000038 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000039 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000040 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000041 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000042 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000043 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000044 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000045 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000046 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000047 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000048 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000049 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000050 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000051 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000052 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000053 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000054 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000055 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000056 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000057 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000058 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000059 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000060 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000061 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000062 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000063 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr =	]
< Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 28, 2 | Size = 1934672 bytes | Modified Date = 2007-11-12 14:48:02 | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> 
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15026/CTSUEng.cab[Creative Software AutoUpdate] -> 
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] -> 
{34F12AFD-E9B5-492A-85D2-40FA4535BE83}[HKEY_LOCAL_MACHINE] -> http://www.symantec.com/techsupp/activedata/nprdtinf.cab[AxProdInfoCtl Class] -> 
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] -> 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] -> 
{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] -> 
{6A344D34-5231-452A-8A57-D064AC9B7862}[HKEY_LOCAL_MACHINE] -> https://webdl.symantec.com/activex/symdlmgr.cab[Symantec Download Manager] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129693247937[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{B020B534-4AA2-4B99-BD6D-5F6EE286DF5C}[HKEY_LOCAL_MACHINE] -> https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab[Symantec Download Bridge] -> 
{B1E2B96C-12FE-45E2-BEF1-44A219113CDD}[HKEY_LOCAL_MACHINE] -> http://www.superadblocker.com/activex/sabspx.cab[SABScanProcesses Class] -> 
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> 
{F6ACF75C-C32C-447B-9BEF-46B766368D29}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15029/CTPID.cab[Creative Software AutoUpdate Support Package] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandel.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandel.exe\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandel.exe\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandellang.ini\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandellang.ini\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandellang.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdcore.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdcore.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdcore.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdupd.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdupd.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdupd.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/clt05PIN.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/clt05PIN.dll\\.Owner -> {34F12AFD-E9B5-492A-85D2-40FA4535BE83} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/clt05PIN.dll\\{34F12AFD-E9B5-492A-85D2-40FA4535BE83} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/clt06PIN.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/clt06PIN.dll\\.Owner -> {34F12AFD-E9B5-492A-85D2-40FA4535BE83} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/clt06PIN.dll\\{34F12AFD-E9B5-492A-85D2-40FA4535BE83} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\\{F6ACF75C-C32C-447B-9BEF-46B766368D29} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipsupd.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipsupd.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipsupd.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/lang.ini\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/lang.ini\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/lang.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libfn.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libfn.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libfn.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/live.ini\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/live.ini\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/live.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/nprdtinf.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/nprdtinf.dll\\.Owner -> {34F12AFD-E9B5-492A-85D2-40FA4535BE83} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/nprdtinf.dll\\{34F12AFD-E9B5-492A-85D2-40FA4535BE83} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan82.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan82.ocx\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan82.ocx\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\\{644E432F-49D3-41A1-8DD5-E099162EEEC5} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sabspx.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sabspx.dll\\.Owner -> {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sabspx.dll\\{B1E2B96C-12FE-45E2-BEF1-44A219113CDD} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scanoptions.tsi\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scanoptions.tsi\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scanoptions.tsi\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/symdlmgr.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/symdlmgr.dll\\.Owner -> {6A344D34-5231-452A-8A57-D064AC9B7862} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/symdlmgr.dll\\{6A344D34-5231-452A-8A57-D064AC9B7862} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuctl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuctl.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuengine.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuengine.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/msvcr71.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/msvcr71.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/msvcr71.dll\\{6A344D34-5231-452A-8A57-D064AC9B7862} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/sabprocenum.sys\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/sabprocenum.sys\\.Owner -> {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/sabprocenum.sys\\{B1E2B96C-12FE-45E2-BEF1-44A219113CDD} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-04 17:56:43 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 2005-06-16 03:49:30 | Attr =	]
msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-04 17:56:43 | Attr =	]
schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 2007-04-26 00:21:15 | Attr =	]
wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 2006-03-24 14:37:50 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1700 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\SYSTEM32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 2004-08-04 17:56:44 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 2004-08-04 17:56:44 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 34 10 8F F7 B9 C6 ED 1E A2 30 6A 10 FC 9A 45 2B 63 38 62 34 38 31 65 63 00 00 00 00 01 00 00 00 BC 01 00 00 C0 01 00 00 34 CA 06 00 45 9D BF 71 04 00 00 00 10 00 00 00 00 00 00 00 1C 5F D4 7B  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 44 8B 45 B6 9C FB 20 AF 9D  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 67 D6 B1 4D 0E 89  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\SYSTEM32\iissuba.dll [iissuba] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 2003-07-17 02:24:38 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 0A 63 92 AD A8 12 03 B3 20 28 EF 76 A7 C1 D5 07  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> E8 13 24 E1 EC 8C C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 D9 4A 94 F8 79 C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 D9 4A 94 F8 79 C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 80 6F E3 94 F8 79 C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 17:56:57 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11477 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2004-08-04 17:56:42 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\SharedAutoDial -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-04 17:56:56 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 2006-10-10 22:44:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 199464 bytes | Modified Date = 2006-11-13 13:39:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 1289000 bytes | Modified Date = 2006-11-13 13:39:52 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 4270888 bytes | Modified Date = 2006-11-13 13:39:54 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\IcmpSettings\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\IcmpSettings\\AllowInboundEchoRequest -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.6.0.244 | Size = 21686568 bytes | Modified Date = 2007-12-07 14:08:02 | Attr = R  ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FTP Explorer\ftpx.exe -> C:\Program Files\FTP Explorer\ftpx.exe [C:\Program Files\FTP Explorer\ftpx.exe:*:Enabled:FTP Explorer Application] -> FTPx Corp. [Ver = 1.00.010 | Size = 631808 bytes | Modified Date = 1997-06-03 20:44:04 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\sessmgr.exe [C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-04 17:56:56 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\eDonkey2000\edonkey2000.exe -> C:\Program Files\eDonkey2000\edonkey2000.exe [C:\Program Files\eDonkey2000\edonkey2000.exe:*:Enabled:edonkey2000] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\GameSpy Arcade\Aphex.exe -> C:\Program Files\GameSpy Arcade\Aphex.exe [C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade] -> IGN Entertainment, Inc. [Ver = 2.0.4.5227	  | Size = 4206658 bytes | Modified Date = 2006-05-24 18:49:16 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\hd2.exe -> C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\hd2.exe [C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\hd2.exe:*:Enabled:hd2] ->  [Ver =  | Size = 6881280 bytes | Modified Date = 2004-09-03 21:15:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Router Tools V2.5.3\SyslogRd.exe -> C:\Program Files\Router Tools V2.5.3\SyslogRd.exe [C:\Program Files\Router Tools V2.5.3\SyslogRd.exe:*:Enabled:DrayTek Syslog Monitor] -> DrayTek corp. [Ver = 2.4.5 | Size = 397312 bytes | Modified Date = 2004-01-06 15:06:16 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\eMule\emule.exe -> C:\Program Files\eMule\emule.exe [C:\Program Files\eMule\emule.exe:*:Enabled:eMule] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Codemasters\Colin McRae Rally 2005\CMR5.EXE -> C:\Program Files\Codemasters\Colin McRae Rally 2005\CMR5.EXE [C:\Program Files\Codemasters\Colin McRae Rally 2005\CMR5.EXE:*:Enabled:Colin McRae Rally 2005 Application] ->  [Ver = 1, 0, 0, 0 | Size = 2002944 bytes | Modified Date = 2004-09-21 15:02:14 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 2006-10-10 22:44:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-04 17:56:56 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 199464 bytes | Modified Date = 2006-11-13 13:39:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 1289000 bytes | Modified Date = 2006-11-13 13:39:52 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 4270888 bytes | Modified Date = 2006-11-13 13:39:54 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowInboundEchoRequest -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 17:56:57 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2004-08-04 17:56:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\SYSTEM32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-26 14:39:49 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 17:56:57 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 2004-08-04 17:56:44 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\SYSTEM32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 2004-08-04 17:56:57 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\SYSTEM32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-26 14:39:49 | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
CTHelper hkey=HKLM key=Run -> %SystemRoot%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 2, 0, 0, 41 | Size = 17920 bytes | Modified Date = 2006-08-11 14:56:02 | Attr =	]
CTxfiHlp hkey=HKLM key=Run -> %SystemRoot%\SYSTEM32\CTXFIHLP.EXE -> Creative Technology Ltd [Ver = 2, 0, 1, 3 | Size = 18944 bytes | Modified Date = 2006-08-11 14:56:04 | Attr =	]
EEventManager hkey=HKLM key=Run -> %ProgramFiles%\epson\Creativity Suite\Event Manager\EEventManager.exe ->  [Ver = 1, 0, 0, 1 | Size = 118784 bytes | Modified Date = 2004-11-01 16:33:50 | Attr =	]


[Files/Folders - Created Within 90 days]
Combo-Fix -> %SystemDrive%\Combo-Fix ->  [Folder | Created Date = 2008-05-26 20:47:51 | Attr =	]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 2008-05-26 20:48:02 | Attr =	]
msjetol1.dll -> %SystemRoot%\System32\dllcache\msjetol1.dll ->  [Ver =  | Size = 355112 bytes | Created Date = 2008-03-25 14:50:40 | Attr =	]
AVFilter.sys -> %SystemRoot%\System32\drivers\AVFilter.sys -> PC Tools Research Pty Ltd [Ver = 1, 3, 0, 0 | Size = 21904 bytes | Created Date = 2008-05-24 19:21:35 | Attr =	]
AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 2008-05-24 18:19:50 | Attr =	]
AVHook.sys -> %SystemRoot%\System32\drivers\AVHook.sys -> PC Tools Research Pty Ltd. [Ver = 3.00.012 Build 012 | Size = 28568 bytes | Created Date = 2008-05-24 19:21:35 | Attr =	]
AVRec.sys -> %SystemRoot%\System32\drivers\AVRec.sys -> PC Tools Research Pty Ltd  [Ver = 3.00.012 Build 012 | Size = 21912 bytes | Created Date = 2008-05-24 19:21:35 | Attr =	]
dsload.sys -> %SystemRoot%\System32\drivers\dsload.sys -> Oracle Corp. [Ver = 4.06.377 | Size = 10910 bytes | Created Date = 2008-04-24 21:53:34 | Attr =	]
ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1039 built by: WinDDK | Size = 42376 bytes | Created Date = 2008-05-25 07:52:50 | Attr =	]
iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 2008-05-25 07:52:50 | Attr =	]
iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Created Date = 2008-05-25 07:52:50 | Attr =	]
kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 2008-05-25 07:52:50 | Attr =	]
404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver =  | Size = 82944 bytes | Created Date = 2008-05-24 18:04:34 | Attr =	]
BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx ->  [Ver =  | Size = 30120 bytes | Created Date = 2008-05-25 00:32:23 | Attr =	]
BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx ->  [Ver =  | Size = 30120 bytes | Created Date = 2008-05-25 00:32:23 | Attr =	]
BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx ->  [Ver =  | Size = 30912 bytes | Created Date = 2008-05-25 00:32:23 | Attr =	]
BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx ->  [Ver =  | Size = 30912 bytes | Created Date = 2008-05-25 00:32:23 | Attr =	]
dsgrab_01c8a601d2d658a0.dll -> %SystemRoot%\System32\dsgrab_01c8a601d2d658a0.dll -> Oracle Corp. [Ver = 4.06.377 | Size = 32318 bytes | Created Date = 2008-04-24 21:53:39 | Attr =	]
dumphive.exe -> %SystemRoot%\System32\dumphive.exe ->  [Ver =  | Size = 51200 bytes | Created Date = 2008-05-24 18:04:33 | Attr =	]
DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx ->  [Ver =  | Size = 11564 bytes | Created Date = 2008-05-25 00:32:23 | Attr =	]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82944 bytes | Created Date = 2008-05-24 18:04:34 | Attr =	]
ImageDrive.cpl -> %SystemRoot%\System32\ImageDrive.cpl -> Nero AG [Ver = 3.0.0.7 | Size = 81920 bytes | Created Date = 2008-05-24 09:28:03 | Attr =	]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab ->  [Folder | Created Date = 2008-05-25 12:47:21 | Attr =	]
12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 2008-05-24 18:04:33 | Attr =	]
settings.sfm -> %SystemRoot%\System32\settings.sfm ->  [Ver =  | Size = 1080 bytes | Created Date = 2008-05-25 00:32:23 | Attr =	]
settingsbkup.sfm -> %SystemRoot%\System32\settingsbkup.sfm ->  [Ver =  | Size = 1080 bytes | Created Date = 2008-05-25 00:32:23 | Attr =	]
SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Created Date = 2008-05-24 18:04:33 | Attr =	]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86528 bytes | Created Date = 2008-05-24 18:04:34 | Attr =	]
VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver =  | Size = 289144 bytes | Created Date = 2008-05-24 18:04:33 | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Created Date = 2008-05-24 23:55:52 | Attr =	]
WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe ->  [Ver =  | Size = 25600 bytes | Created Date = 2008-05-24 18:04:34 | Attr =	]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Created Date = 2008-05-25 13:16:13 | Attr =	]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 2008-05-26 20:50:16 | Attr =	]
fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 2008-05-26 20:47:58 | Attr =	]
grep.exe -> %SystemRoot%\grep.exe ->  [Ver =  | Size = 80412 bytes | Created Date = 2008-05-26 20:47:58 | Attr =	]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 2008-05-26 20:47:58 | Attr =	]
PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Created Date = 2008-05-26 20:54:49 | Attr =	]
sed.exe -> %SystemRoot%\sed.exe ->  [Ver =  | Size = 98816 bytes | Created Date = 2008-05-26 20:47:58 | Attr =	]
swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 2008-05-26 20:47:58 | Attr =	]
swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 2008-05-26 20:47:58 | Attr =	]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Created Date = 2008-05-26 20:54:20 | Attr =	]
VFind.exe -> %SystemRoot%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 2008-05-26 20:47:58 | Attr =	]
zip.exe -> %SystemRoot%\zip.exe ->  [Ver =  | Size = 68096 bytes | Created Date = 2008-05-26 20:47:58 | Attr =	]
RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job ->  [Ver =  | Size = 440 bytes | Created Date = 2008-05-20 16:12:02 | Attr =	]
RegCure.job -> %SystemRoot%\tasks\RegCure.job ->  [Ver =  | Size = 374 bytes | Created Date = 2008-05-20 16:12:01 | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
DVD Shrink -> %AllUsersProfile%\Application Data\DVD Shrink ->  [Folder | Created Date = 2008-04-24 16:36:43 | Attr =	]
Google Updater -> %AllUsersProfile%\Application Data\Google Updater ->  [Folder | Created Date = 2008-05-25 00:16:07 | Attr =	]
Grisoft -> %AllUsersProfile%\Application Data\Grisoft ->  [Folder | Created Date = 2008-05-24 18:19:42 | Attr =	]
Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab ->  [Folder | Created Date = 2008-05-25 12:47:23 | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 2008-05-24 17:51:23 | Attr =	]
PC Tools -> %AllUsersProfile%\Application Data\PC Tools ->  [Folder | Created Date = 2008-05-24 19:21:28 | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 2008-05-24 19:38:04 | Attr =	]
Adobe -> %AppData%\Adobe ->  [Folder | Created Date = 2008-05-24 14:27:40 | Attr =	]
Grisoft -> %AppData%\Grisoft ->  [Folder | Created Date = 2008-05-24 18:20:24 | Attr =	]
U3 -> %AppData%\U3 ->  [Folder | Created Date = 2008-05-24 10:17:11 | Attr =	]
Symantec -> %UserProfile%\Local Settings\Application Data\Symantec ->  [Folder | Created Date = 2008-05-24 10:32:46 | Attr =	]
cc_20080524_1700.reg -> %UserProfile%\My Documents\cc_20080524_1700.reg ->  [Ver =  | Size = 900096 bytes | Created Date = 2008-05-24 17:00:55 | Attr =	]
mbam-setup.exe -> %UserProfile%\My Documents\mbam-setup.exe -> Malwarebytes												 [Ver = 1.0.0.0			  | Size = 1699142 bytes | Created Date = 2008-05-25 15:32:32 | Attr =	]
Combo-Fix.exe -> %UserProfile%\Desktop\Combo-Fix.exe ->  [Ver =  | Size = 1955424 bytes | Created Date = 2008-05-26 20:47:16 | Attr =	]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe ->  [Ver =  | Size = 1955327 bytes | Created Date = 2008-05-26 19:02:38 | Attr =	]
Hijackthis.lnk -> %UserProfile%\Desktop\Hijackthis.lnk ->  [Ver =  | Size = 660 bytes | Created Date = 2008-05-25 15:01:24 | Attr =	]
OTCleanIt.exe -> %UserProfile%\Desktop\OTCleanIt.exe -> OldTimer Tools [Ver = 1.0.3.1 | Size = 181248 bytes | Created Date = 2008-05-26 19:02:38 | Attr =	]
OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.2 | Size = 291328 bytes | Created Date = 2008-05-26 19:02:38 | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 2008-05-28 22:00:47 | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 544843 bytes | Created Date = 2008-05-28 22:00:05 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
Download Manager -> %CommonProgramFiles%\Download Manager ->  [Folder | Created Date = 2008-05-25 15:25:22 | Attr =	]
Oracle -> %CommonProgramFiles%\Oracle ->  [Folder | Created Date = 2008-04-24 21:53:25 | Attr =	]
PC Tools -> %CommonProgramFiles%\PC Tools ->  [Folder | Created Date = 2008-05-24 19:21:36 | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 2008-05-24 23:11:06 | Attr =	]
Grisoft -> %ProgramFiles%\Grisoft ->  [Folder | Created Date = 2008-05-24 18:19:40 | Attr =	]
Hijackthis -> %ProgramFiles%\Hijackthis ->  [Folder | Created Date = 2008-05-25 15:01:23 | Attr =	]
Mozilla Firefox -> %ProgramFiles%\Mozilla Firefox ->  [Folder | Created Date = 2008-05-25 14:23:29 | Attr =	]
PC Tools AntiVirus -> %ProgramFiles%\PC Tools AntiVirus ->  [Folder | Created Date = 2008-05-24 19:21:28 | Attr =	]
RegCure -> %ProgramFiles%\RegCure ->  [Folder | Created Date = 2008-05-20 16:11:51 | Attr =	]
Spyware Doctor -> %ProgramFiles%\Spyware Doctor ->  [Folder | Created Date = 2008-05-25 07:52:41 | Attr =	]
uTorrent -> %ProgramFiles%\uTorrent ->  [Folder | Created Date = 2008-05-25 00:03:18 | Attr =	]
WebDialogs -> %ProgramFiles%\WebDialogs ->  [Folder | Created Date = 2008-03-02 07:51:29 | Attr =	]

[Files/Folders - Modified Within 90 days]
Combo-Fix -> %SystemDrive%\Combo-Fix ->  [Folder | Modified Date = 2008-05-27 05:47:37 | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2008-05-25 15:01:23 | Attr = R  ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 2008-05-26 20:51:03 | Attr =	]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 2008-05-26 20:56:41 | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2008-05-27 05:47:37 | Attr =	]
msjetol1.dll -> %SystemRoot%\System32\dllcache\msjetol1.dll ->  [Ver =  | Size = 355112 bytes | Modified Date = 2008-03-25 14:50:40 | Attr =	]
coh_mon.cat -> %SystemRoot%\System32\drivers\coh_mon.cat ->  [Ver =  | Size = 10537 bytes | Modified Date = 2008-03-06 20:32:09 | Attr =	]
COH_Mon.inf -> %SystemRoot%\System32\drivers\COH_Mon.inf ->  [Ver =  | Size = 706 bytes | Modified Date = 2008-03-06 20:32:09 | Attr =	]
COH_Mon.sys -> %SystemRoot%\System32\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,4,10 | Size = 23904 bytes | Modified Date = 2008-03-06 20:32:09 | Attr =	]
ETC -> %SystemRoot%\System32\drivers\ETC ->  [Folder | Modified Date = 2008-05-26 21:04:23 | Attr =	]
hosts -> %SystemRoot%\System32\drivers\ETC\hosts ->  [Ver =  | Size = 27 bytes | Modified Date = 2008-05-26 21:04:23 | Attr =	]
hosts.20080524-230506.backup -> %SystemRoot%\System32\drivers\ETC\hosts.20080524-230506.backup ->  [Ver =  | Size = 734 bytes | Modified Date = 2008-05-24 18:08:34 | Attr =	]
Hosts.bak -> %SystemRoot%\System32\drivers\ETC\Hosts.bak ->  [Ver =  | Size = 243463 bytes | Modified Date = 2008-05-25 01:07:00 | Attr = RH ]
404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver =  | Size = 82944 bytes | Modified Date = 2008-05-18 21:40:36 | Attr =	]
BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx ->  [Ver =  | Size = 30120 bytes | Modified Date = 2008-05-27 06:11:36 | Attr =	]
BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx ->  [Ver =  | Size = 30120 bytes | Modified Date = 2008-05-27 06:11:36 | Attr =	]
BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx ->  [Ver =  | Size = 30912 bytes | Modified Date = 2008-05-27 06:11:36 | Attr =	]
BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx ->  [Ver =  | Size = 30912 bytes | Modified Date = 2008-05-27 06:11:36 | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2008-04-12 07:44:13 | Attr =	]
12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2008-05-26 21:27:04 | Attr =	]
CONFIG -> %SystemRoot%\System32\CONFIG ->  [Folder | Modified Date = 2008-05-26 20:55:11 | Attr =	]
DLLCACHE -> %SystemRoot%\System32\DLLCACHE ->  [Folder | Modified Date = 2008-05-24 09:34:29 | Attr = RHS]
DRIVERS -> %SystemRoot%\System32\DRIVERS ->  [Folder | Modified Date = 2008-05-28 21:55:03 | Attr =	]
DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx ->  [Ver =  | Size = 11564 bytes | Modified Date = 2008-05-27 06:11:36 | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 166400 bytes | Modified Date = 2008-04-12 10:38:40 | Attr =	]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82944 bytes | Modified Date = 2008-05-18 21:40:36 | Attr =	]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab ->  [Folder | Modified Date = 2008-05-25 12:47:21 | Attr =	]
msjetoledb40.dll -> %SystemRoot%\System32\msjetoledb40.dll ->  [Ver =  | Size = 355112 bytes | Modified Date = 2008-03-25 14:50:40 | Attr =	]
PERFC009.DAT -> %SystemRoot%\System32\PERFC009.DAT ->  [Ver =  | Size = 74634 bytes | Modified Date = 2008-05-26 18:54:52 | Attr =	]
PERFH009.DAT -> %SystemRoot%\System32\PERFH009.DAT ->  [Ver =  | Size = 451614 bytes | Modified Date = 2008-05-26 18:54:52 | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 536470 bytes | Modified Date = 2008-05-26 18:54:52 | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 2008-05-26 20:56:41 | Attr =	]
settings.sfm -> %SystemRoot%\System32\settings.sfm ->  [Ver =  | Size = 1080 bytes | Modified Date = 2008-05-27 06:11:36 | Attr =	]
settingsbkup.sfm -> %SystemRoot%\System32\settingsbkup.sfm ->  [Ver =  | Size = 1080 bytes | Modified Date = 2008-05-27 06:11:36 | Attr =	]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86528 bytes | Modified Date = 2008-05-15 23:22:46 | Attr =	]
WBEM -> %SystemRoot%\System32\WBEM ->  [Folder | Modified Date = 2008-03-21 09:45:38 | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 2008-05-28 21:55:41 | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2008-05-14 16:38:11 | Attr =  H ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 2008-04-17 08:23:11 | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Modified Date = 2008-05-25 13:21:29 | Attr =	]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT ->  [Ver =  | Size = 2048 bytes | Modified Date = 2008-05-28 21:54:07 | Attr =   S]
CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 2008-05-24 14:21:18 | Attr =  HS]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 2008-05-24 16:58:20 | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2008-05-25 13:16:16 | Attr =   S]
EPISME00.SWB -> %SystemRoot%\EPISME00.SWB ->  [Ver =  | Size = 9662 bytes | Modified Date = 2008-03-12 15:06:29 | Attr =	]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 2008-05-26 20:54:58 | Attr =	]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 2008-04-12 08:41:43 | Attr =	]
INF -> %SystemRoot%\INF ->  [Folder | Modified Date = 2008-05-25 13:16:13 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2008-05-24 09:41:39 | Attr =  HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 2008-04-17 08:23:16 | Attr =	]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 2008-05-24 16:58:19 | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 229 bytes | Modified Date = 2008-05-22 09:35:43 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2008-05-27 05:52:27 | Attr =	]
PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-05-26 20:54:49 | Attr =	]
SECURITY -> %SystemRoot%\SECURITY ->  [Folder | Modified Date = 2008-03-08 13:36:59 | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 246 bytes | Modified Date = 2008-05-26 21:04:33 | Attr =	]
SYSTEM32 -> %SystemRoot%\SYSTEM32 ->  [Folder | Modified Date = 2008-05-26 20:55:39 | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2008-05-20 16:12:02 | Attr =   S]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Modified Date = 2008-05-28 21:58:14 | Attr =	]
VBADDIN.INI -> %SystemRoot%\VBADDIN.INI ->  [Ver =  | Size = 63 bytes | Modified Date = 2008-04-12 08:39:51 | Attr =	]
VDEN.bkm -> %SystemRoot%\VDEN.bkm ->  [Ver =  | Size = 10 bytes | Modified Date = 2008-03-24 10:10:42 | Attr =	]
WIN.INI -> %SystemRoot%\WIN.INI ->  [Ver =  | Size = 613 bytes | Modified Date = 2008-03-20 18:26:53 | Attr =	]
WININIT.INI -> %SystemRoot%\WININIT.INI ->  [Ver =  | Size = 153 bytes | Modified Date = 2008-05-24 23:01:49 | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 2008-04-13 15:53:41 | Attr =	]
{00000002-00000000-00000002-00001102-00000004-10031102}.CDF -> %SystemRoot%\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF ->  [Ver =  | Size = 4959907 bytes | Modified Date = 2008-04-06 22:25:04 | Attr =	]
Norton Internet Security - Run Full System Scan - Krasch.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - Krasch.job ->  [Ver =  | Size = 624 bytes | Modified Date = 2008-05-06 08:46:53 | Attr =	]
RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job ->  [Ver =  | Size = 440 bytes | Modified Date = 2008-05-26 21:27:04 | Attr =	]
RegCure.job -> %SystemRoot%\tasks\RegCure.job ->  [Ver =  | Size = 374 bytes | Modified Date = 2008-05-20 16:12:03 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2008-05-27 06:11:11 | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 2004-04-13 19:58:45 | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 7806 bytes | Modified Date = 2008-05-26 21:28:53 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 7806 bytes | Modified Date = 2008-05-26 21:28:53 | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data ->  [Folder | Modified Date = 2004-06-01 14:13:50 | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1632 bytes | Modified Date = 2004-06-01 14:20:47 | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 2004-06-01 14:13:50 | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data ->  [Folder | Modified Date = 2005-01-13 10:54:23 | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data\data.dat ->  [Ver =  | Size = 11896 bytes | Modified Date = 2005-01-13 10:54:45 | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works ->  [Folder | Modified Date = 2005-04-04 17:13:23 | Attr =	]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2004-05-02 12:49:17 | Attr =	]
C:\WINDOWS\Temp\ -> C:\WINDOWS\TEMP ->  [Folder | Modified Date = 2008-05-28 21:58:14 | Attr =	]
Perflib_Perfdata_e5c.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_e5c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2008-05-26 21:27:13 | Attr =	]
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
DVD Shrink -> %AllUsersProfile%\Application Data\DVD Shrink ->  [Folder | Modified Date = 2008-04-24 16:36:43 | Attr =	]
Google Updater -> %AllUsersProfile%\Application Data\Google Updater ->  [Folder | Modified Date = 2008-05-26 21:32:35 | Attr =	]
Grisoft -> %AllUsersProfile%\Application Data\Grisoft ->  [Folder | Modified Date = 2008-05-24 18:19:42 | Attr =	]
Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab ->  [Folder | Modified Date = 2008-05-25 12:47:23 | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 2008-05-24 17:51:23 | Attr =	]
PC Tools -> %AllUsersProfile%\Application Data\PC Tools ->  [Folder | Modified Date = 2008-05-24 19:23:54 | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 2008-05-24 19:39:35 | Attr =	]
Symantec -> %AllUsersProfile%\Application Data\Symantec ->  [Folder | Modified Date = 2008-03-27 19:42:54 | Attr =	]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 2008-05-28 21:58:23 | Attr =	]
@Alternate Data Stream - 109 bytes -> %AllUsersProfile%\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 98 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
$_hpcst$.hpc -> %AppData%\$_hpcst$.hpc ->  [Ver =  | Size = 2528 bytes | Modified Date = 2008-03-10 16:15:11 | Attr =	]
Adobe -> %AppData%\Adobe ->  [Folder | Modified Date = 2008-05-24 14:27:40 | Attr =	]
Grisoft -> %AppData%\Grisoft ->  [Folder | Modified Date = 2008-05-24 18:20:24 | Attr =	]
PC Tools -> %AppData%\PC Tools ->  [Folder | Modified Date = 2008-05-24 19:24:01 | Attr =	]
U3 -> %AppData%\U3 ->  [Folder | Modified Date = 2008-05-26 20:07:58 | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 37000 bytes | Modified Date = 2008-05-24 10:32:45 | Attr =	]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 2008-03-10 19:26:15 | Attr =	]
Symantec -> %UserProfile%\Local Settings\Application Data\Symantec ->  [Folder | Modified Date = 2008-05-24 10:32:46 | Attr =	]
cc_20080524_1700.reg -> %UserProfile%\My Documents\cc_20080524_1700.reg ->  [Ver =  | Size = 900096 bytes | Modified Date = 2008-05-24 17:02:32 | Attr =	]
mbam-setup.exe -> %UserProfile%\My Documents\mbam-setup.exe -> Malwarebytes												 [Ver = 1.0.0.0			  | Size = 1699142 bytes | Modified Date = 2008-05-25 15:25:22 | Attr =	]
Combo-Fix.exe -> %UserProfile%\Desktop\Combo-Fix.exe ->  [Ver =  | Size = 1955424 bytes | Modified Date = 2008-05-26 20:45:56 | Attr =	]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe ->  [Ver =  | Size = 1955327 bytes | Modified Date = 2008-05-26 08:50:14 | Attr =	]
Hijackthis.lnk -> %UserProfile%\Desktop\Hijackthis.lnk ->  [Ver =  | Size = 660 bytes | Modified Date = 2008-05-25 15:01:24 | Attr =	]
OTCleanIt.exe -> %UserProfile%\Desktop\OTCleanIt.exe -> OldTimer Tools [Ver = 1.0.3.1 | Size = 181248 bytes | Modified Date = 2008-05-26 08:48:14 | Attr =	]
OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.2 | Size = 291328 bytes | Modified Date = 2008-05-26 08:48:36 | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Modified Date = 2008-05-28 22:06:10 | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 544843 bytes | Modified Date = 2008-05-28 22:00:08 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
Download Manager -> %CommonProgramFiles%\Download Manager ->  [Folder | Modified Date = 2008-05-25 15:25:22 | Attr =	]
Oracle -> %CommonProgramFiles%\Oracle ->  [Folder | Modified Date = 2008-04-24 21:53:25 | Attr =	]
PC Tools -> %CommonProgramFiles%\PC Tools ->  [Folder | Modified Date = 2008-05-24 19:21:36 | Attr =	]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared ->  [Folder | Modified Date = 2008-05-26 21:56:23 | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2008-05-25 15:33:05 | Attr =	]

[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]

< End of report >

HJT log removed to allow thread to remain in AII ~ rigel

And from Malwarebytes I can't post a log because I can't update it; this infection blocks it!

Edited by rigel, 07 February 2009 - 06:35 PM.


#14 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:21 PM

Posted 07 February 2009 - 07:37 AM

I need a fast reply cuz I'm losing customers


business

Windows XP-5.1.2600-Service Pack 1-


a network admin should know better

http://www.viruslist.com/en/viruses/encycl...irusid=21782725

this is a very dangerous network worm best handled with a total flatten and rebuild by a qualified technician

http://www.bleepingcomputer.com/forums/topic201338.html

It would be better to properly prepare each computer before building your network and only after making doubly sure that no data was infected
Chewy

No. Try not. Do... or do not. There is no try.

#15 dzm

dzm
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:21 AM

Posted 07 February 2009 - 02:53 PM

Yes it is



