
Firedaemon.exe + Msvcrl.dll Missing From Iexplore.exe Errors


  • This topic is locked
7 replies to this topic

#1 DongDiggler


Posted 30 May 2007 - 11:35 AM

Upon startup of Windows XP Home Edition, I get the first error message:

FireDaemon.EXE - Application Error
The instruction of "0x0012e7b0" referenced memory at "0x00000000". The memory could not be "written".
Click on OK to terminate the program
Click on CANCEL to debug program


A few minutes later, I see the second problem:

iexplore.exe system error because msvcrl.dll is missing and would work if I replaced the file.

My log:

Logfile of HijackThis v1.99.1
Scan saved at 11:55:58 AM, on 5/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\directx\asp\mech\FireDaemon.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\directx\asp\mech\FireDaemon.EXE
C:\WINDOWS\system32\directx\asp\mech\cygmech.exe
C:\WINDOWS\system32\directx\asp\mech\asp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\iexplore.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ajc.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...1nkR0jdt/qG+XU=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Configuration Loader] iexplore.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [Configuration Loader] iexplore.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SecretSmileys] C:\PROGRA~1\SECRET~1\ss.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Firewall auto setup] D:\Profiles\user2\LOCALS~1\Temp\winlogon.exe
O4 - HKCU\..\Run: [2] C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{85741171-FBDE-448E-8C3C-A47E11CC4045}: NameServer = 205.152.37.23,205.152.144.23
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FireDaemon Service: binconf (binconf) - Unknown owner - C:\WINDOWS\system32\directx\asp\mech\FireDaemon.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: FireDaemon Service: windll64 (windll64) - Unknown owner - C:\WINDOWS\system32\directx\asp\mech\FireDaemon.EXE


Any help would be much appreciated.



#2 OldTimer

    Malware Expert



Posted 02 June 2007 - 07:46 AM

Hello DongDiggler and welcome to the BC HijackThis forum. It looks like there are a couple of different infections going on here. Let's try a different scanner and see what else shows up.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 DongDiggler


Posted 02 June 2007 - 11:43 AM

WinPFind3 logfile created on: 6/2/2007 11:54:19 AM
WinPFind3U by OldTimer - Version 1.0.38 Folder = D:\Profiles\user2\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

510.42 Mb Total Physical Memory | 264.32 Mb Available Physical Memory | 51.79% Memory free
1.47 Gb Paging File | 1.27 Gb Available in Paging File | 86.29% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 15.47 Gb Free Space | 52.80% Space Free
Drive D: | 203.58 Gb Total Space | 101.80 Gb Free Space | 50.01% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: DESK2
Current User Name: user2
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aim.exe -> %ProgramFiles%\AIM\aim.exe -> America Online, Inc. [Ver = 5.2.3292 | Size = 61440 bytes | Modified Date = 8/1/2003 11:31:06 AM | Attr = ]
asp.exe -> %System32%\DirectX\asp\mech\asp.exe -> [Ver = | Size = 1020416 bytes | Modified Date = 2/16/2004 7:43:02 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4158 | Size = 446464 bytes | Modified Date = 2/2/2007 3:55:10 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4158 | Size = 446464 bytes | Modified Date = 2/2/2007 3:55:10 PM | Attr = ]
cthelper.exe -> %System32%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 1, 2 | Size = 24576 bytes | Modified Date = 10/6/2003 2:57:32 PM | Attr = ]
frameworkservice.exe -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.1.1.184 | Size = 106586 bytes | Modified Date = 9/10/2003 3:11:00 AM | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 5/12/2005 12:23:26 AM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 5/12/2005 12:12:54 AM | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 1:14:36 PM | Attr = ]
iexplore.exe -> %System32%\iexplore.exe -> [Ver = | Size = 24159 bytes | Modified Date = 5/15/2007 2:54:10 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 4/27/2007 11:25:52 AM | Attr = ]
itouch.exe -> %ProgramFiles%\Logitech\iTouch\iTouch.exe -> Logitech Inc. [Ver = 2.22.289 | Size = 892928 bytes | Modified Date = 3/18/2004 9:33:26 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 4/27/2007 11:25:58 AM | Attr = ]
jucheck.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jucheck.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 241775 bytes | Modified Date = 11/10/2005 2:03:52 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 11/10/2005 2:03:52 PM | Attr = ]
khalmnpr.exe -> %CommonProgramFiles%\Logitech\KHAL\KHALMNPR.EXE -> Logitech Inc. [Ver = 2.42.230 | Size = 28160 bytes | Modified Date = 8/4/2005 3:42:00 AM | Attr = ]
logi_mwx.exe -> %SystemRoot%\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
mcshield.exe -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 7.1.0.116 | Size = 237657 bytes | Modified Date = 9/29/2003 7:10:00 AM | Attr = ]
naprdmgr.exe -> %ProgramFiles%\Network Associates\Common Framework\naPrdMgr.exe -> Network Associates, Inc. [Ver = 3.1.1.184 | Size = 127058 bytes | Modified Date = 9/10/2003 3:11:00 AM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 9:41:54 AM | Attr = ]
setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 2.42.257 | Size = 528384 bytes | Modified Date = 8/4/2005 3:42:00 AM | Attr = ]
shstat.exe -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 7.1.0.187 | Size = 81990 bytes | Modified Date = 9/29/2003 7:10:00 AM | Attr = ]
taskswitch.exe -> %System32%\taskswitch.exe -> [Ver = | Size = 45632 bytes | Modified Date = 10/8/2001 12:59:36 PM | Attr = ]
updaterui.exe -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> Network Associates, Inc. [Ver = 3.1.1.184 | Size = 135251 bytes | Modified Date = 9/10/2003 3:11:00 AM | Attr = ]
vstskmgr.exe -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 7.1.0.187 | Size = 69706 bytes | Modified Date = 9/29/2003 7:10:00 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4158 | Size = 446464 bytes | Modified Date = 2/2/2007 3:55:10 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 2/2/2007 7:34:00 PM | Attr = ]
(binconf) FireDaemon Service: binconf [Win32_Own | Auto | Stopped] -> %System32%\DirectX\asp\mech\FireDaemon.EXE -> [Ver = | Size = 81920 bytes | Modified Date = 3/22/2005 10:57:52 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 4/27/2007 11:25:52 AM | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.1.1.184 | Size = 106586 bytes | Modified Date = 9/10/2003 3:11:00 AM | Attr = ]
(McShield) Network Associates McShield [Win32_Own | Auto | Paused] -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 7.1.0.116 | Size = 237657 bytes | Modified Date = 9/29/2003 7:10:00 AM | Attr = ]
(McTaskManager) Network Associates Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 7.1.0.187 | Size = 69706 bytes | Modified Date = 9/29/2003 7:10:00 AM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 1:14:36 PM | Attr = ]
(windll64) FireDaemon Service: windll64 [Win32_Own | Auto | Stopped] -> %System32%\DirectX\asp\mech\FireDaemon.EXE -> [Ver = | Size = 81920 bytes | Modified Date = 3/22/2005 10:57:52 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Configuration Loader -> %System32%\iexplore.exe -> [Ver = | Size = 24159 bytes | Modified Date = 5/15/2007 2:54:10 PM | Attr = ]
CoolSwitch -> %System32%\taskswitch.exe -> [Ver = | Size = 45632 bytes | Modified Date = 10/8/2001 12:59:36 PM | Attr = ]
CTHelper -> %System32%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 1, 2 | Size = 24576 bytes | Modified Date = 10/6/2003 2:57:32 PM | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 5/12/2005 12:12:54 AM | Attr = ]
HPHUPD08 -> %ProgramFiles%\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe -> Hewlett-Packard [Ver = 8,1,0,12 | Size = 49152 bytes | Modified Date = 6/1/2005 12:35:56 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 4/27/2007 11:25:58 AM | Attr = ]
KernelFaultCheck -> -> File not found
Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe -> Logitech Inc. [Ver = 2.42.230 | Size = 28160 bytes | Modified Date = 7/23/2005 12:25:30 AM | Attr = ]
Logitech Utility -> %SystemRoot%\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
McAfeeUpdaterUI -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> Network Associates, Inc. [Ver = 3.1.1.184 | Size = 135251 bytes | Modified Date = 9/10/2003 3:11:00 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 9:41:54 AM | Attr = ]
ShStatEXE -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 7.1.0.187 | Size = 81990 bytes | Modified Date = 9/29/2003 7:10:00 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 11/10/2005 2:03:52 PM | Attr = ]
zBrowser Launcher -> %ProgramFiles%\Logitech\iTouch\iTouch.exe -> Logitech Inc. [Ver = 2.22.289 | Size = 892928 bytes | Modified Date = 3/18/2004 9:33:26 AM | Attr = ]
< RunServices [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Configuration Loader -> %System32%\iexplore.exe -> [Ver = | Size = 24159 bytes | Modified Date = 5/15/2007 2:54:10 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
2 -> %ProgramFiles%\Uniblue\RegistryBooster2\RegistryBooster.exe -> File not found
Firewall auto setup -> D:\Profiles\user2\LOCALS~1\Temp\winlogon.exe -> File not found
SecretSmileys -> %SystemDrive%\PROGRA~1\SECRET~1\ss.exe -> File not found
StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe -> File not found
Uniblue RegistryBooster2 -> %ProgramFiles%\Uniblue\RegistryBooster 2\RegistryBooster.exe -> File not found
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 11:05:26 PM | Attr = ]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 5/12/2005 12:23:26 AM | Attr = ]
%AllUsersStartup%\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 2.42.257 | Size = 528384 bytes | Modified Date = 8/4/2005 3:42:00 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4158 | Size = 110592 bytes | Modified Date = 2/2/2007 3:56:30 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoClosingComponents -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent\\Add -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent\\Delete -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoBackButton -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoFileMru -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSharedDocuments -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{645FF040-5081-101B-9F08-00AA002F954E} -> 1 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://as.starware.com/dp/search?x=wKX1ILE...1nkR0jdt/qG+XU= ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.ajc.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 5:16:42 AM | Attr = ]
{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKLM] -> %ProgramFiles%\blstoolbar\blstoolbar.dll [BellSouth Toolbar] -> [Ver = 4.0.2.144 | Size = 1369088 bytes | Modified Date = 2/16/2006 5:57:20 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 2:22:10 PM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKLM] -> %ProgramFiles%\blstoolbar\blstoolbar.dll [BellSouth Toolbar] -> [Ver = 4.0.2.144 | Size = 1369088 bytes | Modified Date = 2/16/2006 5:57:20 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKLM] -> %ProgramFiles%\blstoolbar\blstoolbar.dll [BellSouth Toolbar] -> [Ver = 4.0.2.144 | Size = 1369088 bytes | Modified Date = 2/16/2006 5:57:20 PM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 2:22:10 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 2:22:10 PM | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.2.3292 | Size = 61440 bytes | Modified Date = 8/1/2003 11:31:06 AM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{4503C993-A0C9-40A9-BEE3-EC83F859E908} -> (3Com 3C920B-EMB Integrated Fast Ethernet Controller) ->
{4C1B777C-5DFE-4EBE-8348-A775F85D1B6A} -> (3Com EtherLink 10/100 PCI TX NIC (3C905B-TX)) ->
{741A823D-AF7C-4ECD-850D-33E4939F0FBC} -> (1394 Net Adapter) ->
{78536EC5-EC52-41D5-8BBD-97C7DD47E8A6} -> (Westell WireSpeed Dual Connect Modem) ->
{85741171-FBDE-448E-8C3C-A47E11CC4045} -> 205.152.37.23,205.152.144.23 () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/...8167.7645601852 ->
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_01 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->

[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> N ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableRemoteConnect -> N ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos;msv1_0;schannel;wdigest; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 528 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 4E!_`d9360010
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> j,
Ku 7 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> U' ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> IISSUBA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix ->
9ab'KuȑF# ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> $F8 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 951 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe -> C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\iexplore.exe -> C:\WINDOWS\system32\iexplore.exe:*:Enabled:iexplore ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Gaim\gaim.exe -> C:\Program Files\Gaim\gaim.exe:*:Enabled:Gaim ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Profiles\user2\Local Settings\Temp\winlogon.exe -> D:\Profiles\user2\Local Settings\Temp\winlogon.exe:*:Disabled:winlogon ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\UT2004\System\UT2004.exe -> C:\UT2004\System\UT2004.exe:*:Disabled:UT2004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\winlde.exe -> C:\WINDOWS\system32\winlde.exe:*:Disabled:winlde ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{9DABDB86-A95E-4775-96CA-1FB3E3474DBC} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{4503C993-A0C9-40A9-BEE3-EC83F859E908} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{4C1B777C-5DFE-4EBE-8348-A775F85D1B6A} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{741A823D-AF7C-4ECD-850D-33E4939F0FBC} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\System32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe -k LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\System32\tlntsvr.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS;TCPIP;NTLMSSP; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial -> 0 ->

[Files/Folders - Created Within 30 days]
REGISTRYBKUP.reg -> %SystemDrive%\REGISTRYBKUP.reg -> [Ver = | Size = 86884378 bytes | Created Date = 5/21/2007 7:12:51 AM | Attr = ]
bdco1.dll -> %System32%\bdco1.dll -> NVIDIA Corporation [Ver = 1.0 | Size = 8192 bytes | Created Date = 5/6/2007 10:31:20 AM | Attr = R ]
bonbon.exe -> %System32%\bonbon.exe -> [Ver = | Size = 24157 bytes | Created Date = 5/10/2007 4:08:48 PM | Attr = ]
fdco1.dll -> %System32%\fdco1.dll -> NVIDIA Corporation [Ver = 1.0 | Size = 198656 bytes | Created Date = 5/6/2007 10:37:31 AM | Attr = R ]
nvconrm.dll -> %System32%\nvconrm.dll -> NVIDIA Corporation [Ver = 1 , 0 , 0 , 15 | Size = 32256 bytes | Created Date = 5/6/2007 10:31:20 AM | Attr = R ]
nvnrm.nvu -> %System32%\nvnrm.nvu -> [Ver = | Size = 2509 bytes | Created Date = 5/6/2007 10:37:27 AM | Attr = ]
nvunrm.exe -> %System32%\nvunrm.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 15 | Size = 172032 bytes | Created Date = 5/6/2007 10:37:27 AM | Attr = ]
NVENETFD.sys -> %System32%\drivers\NVENETFD.sys -> NVIDIA Corporation [Ver = 1.00.00.0442 | Size = 33280 bytes | Created Date = 5/6/2007 10:37:31 AM | Attr = R ]
nvnetbus.sys -> %System32%\drivers\nvnetbus.sys -> NVIDIA Corporation [Ver = 1.00.00.0442 | Size = 12928 bytes | Created Date = 5/6/2007 10:31:20 AM | Attr = R ]
nvnrm.sys -> %System32%\drivers\nvnrm.sys -> NVIDIA Corporation [Ver = 1.00.00.0442 | Size = 56960 bytes | Created Date = 5/6/2007 10:31:20 AM | Attr = R ]
nvsnpu.sys -> %System32%\drivers\nvsnpu.sys -> NVIDIA Corporation [Ver = 1.00.00.0442 | Size = 191232 bytes | Created Date = 5/6/2007 10:31:20 AM | Attr = R ]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 5/30/2007 9:42:14 AM | Attr = H ]
NVIDIA -> %SystemDrive%\NVIDIA -> [Folder | Modified Date = 5/5/2007 4:49:22 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/30/2007 11:34:54 AM | Attr = ]
REGISTRYBKUP.reg -> %SystemDrive%\REGISTRYBKUP.reg -> [Ver = | Size = 86884378 bytes | Modified Date = 5/21/2007 8:13:06 AM | Attr = ]
UT2004 -> %SystemDrive%\UT2004 -> [Folder | Modified Date = 5/30/2007 9:45:14 AM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/2/2007 11:52:06 AM | Attr = ]
$NtUninstallKB826939$ -> %SystemRoot%\$NtUninstallKB826939$ -> [Folder | Modified Date = 5/30/2007 9:06:42 AM | Attr = H ]
$NtUninstallKB826942$ -> %SystemRoot%\$NtUninstallKB826942$ -> [Folder | Modified Date = 5/30/2007 9:06:46 AM | Attr = H ]
$NtUninstallKB828741$ -> %SystemRoot%\$NtUninstallKB828741$ -> [Folder | Modified Date = 5/30/2007 9:06:52 AM | Attr = H ]
$NtUninstallKB835732$ -> %SystemRoot%\$NtUninstallKB835732$ -> [Folder | Modified Date = 5/30/2007 9:06:56 AM | Attr = H ]
$NtUninstallKB837001$ -> %SystemRoot%\$NtUninstallKB837001$ -> [Folder | Modified Date = 5/30/2007 9:07:02 AM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/2/2007 8:44:12 AM | Attr = S]
checkip.dat -> %SystemRoot%\checkip.dat -> [Ver = | Size = 1218 bytes | Modified Date = 5/22/2007 5:25:26 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/6/2007 11:37:32 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/30/2007 9:42:16 AM | Attr = HS]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/30/2007 9:07:54 AM | Attr = ]
randseed.rnd -> %SystemRoot%\randseed.rnd -> [Ver = | Size = 512 bytes | Modified Date = 6/1/2007 9:45:10 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 5/24/2007 8:50:30 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 5/24/2007 8:49:00 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/2/2007 9:26:28 AM | Attr = ]
winamp.ini -> %SystemRoot%\winamp.ini -> [Ver = | Size = 155 bytes | Modified Date = 5/28/2007 10:39:44 AM | Attr = ]
{00000001-00000000-0000000A-00001102-00000004-10071102}.CDF -> %SystemRoot%\{00000001-00000000-0000000A-00001102-00000004-10071102}.CDF -> [Ver = | Size = 4923423 bytes | Modified Date = 6/1/2007 10:54:04 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 5/24/2007 8:51:02 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/25/2007 12:25:06 AM | Attr = H ]
BMXBkpCtrlState-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx -> %System32%\BMXBkpCtrlState-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx -> [Ver = | Size = 30528 bytes | Modified Date = 6/1/2007 10:54:36 PM | Attr = ]
BMXCtrlState-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx -> %System32%\BMXCtrlState-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx -> [Ver = | Size = 30528 bytes | Modified Date = 6/1/2007 10:54:36 PM | Attr = ]
BMXState-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx -> %System32%\BMXState-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx -> [Ver = | Size = 31056 bytes | Modified Date = 6/1/2007 10:54:36 PM | Attr = ]
BMXStateBkp-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx -> %System32%\BMXStateBkp-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx -> [Ver = | Size = 31056 bytes | Modified Date = 6/1/2007 10:54:36 PM | Attr = ]
bonbon.exe -> %System32%\bonbon.exe -> [Ver = | Size = 24157 bytes | Modified Date = 5/10/2007 9:11:50 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 5/6/2007 11:37:28 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 5/26/2007 8:37:08 PM | Attr = ]
DirectX -> %System32%\DirectX -> [Folder | Modified Date = 5/27/2007 7:15:56 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 5/6/2007 11:37:32 AM | Attr = ]
DVCState-{00000001-00000000-0000000A-00001102-00000004-10071102}.dat -> %System32%\DVCState-{00000001-00000000-0000000A-00001102-00000004-10071102}.dat -> [Ver = | Size = 384 bytes | Modified Date = 6/1/2007 10:54:36 PM | Attr = ]
DVCStateBkp-{00000001-00000000-0000000A-00001102-00000004-10071102}.dat -> %System32%\DVCStateBkp-{00000001-00000000-0000000A-00001102-00000004-10071102}.dat -> [Ver = | Size = 384 bytes | Modified Date = 6/1/2007 10:54:36 PM | Attr = ]
iexplore.exe -> %System32%\iexplore.exe -> [Ver = | Size = 24159 bytes | Modified Date = 5/15/2007 2:54:10 PM | Attr = ]
KGyGaAvL.sys -> %System32%\KGyGaAvL.sys -> [Ver = | Size = 10022 bytes | Modified Date = 5/21/2007 11:58:22 AM | Attr = HS]
Restore -> %System32%\Restore -> [Folder | Modified Date = 5/26/2007 2:58:34 PM | Attr = ]
settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 6/1/2007 10:54:36 PM | Attr = ]
settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 6/1/2007 10:54:36 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2262 bytes | Modified Date = 6/2/2007 8:44:14 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 5/21/2007 8:13:14 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
aspack , -> %SystemRoot%\ul.exe -> Microcoft Corporation [Ver = 5.1.2600.2180 | Size = 15872 bytes | Modified Date = 4/15/2007 5:10:50 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.0202 | Size = 874248 bytes | Modified Date = 6/14/2004 3:04:34 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]

< End of report >

#4 OldTimer

Malware Expert

Posted 02 June 2007 - 12:50 PM

Hi DongDiggler. Ok, let's get started. First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

Next, please follow the steps below in order:

Step #1

Download AVG anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen, under "How to act" select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

Step #2

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> asp.exe -> %System32%\DirectX\asp\mech\asp.exe
YY -> iexplore.exe -> %System32%\iexplore.exe
[Win32 Services - Non-Microsoft Only]
YY -> (binconf) FireDaemon Service: binconf [Win32_Own | Auto | Stopped] -> %System32%\DirectX\asp\mech\FireDaemon.EXE
YY -> (windll64) FireDaemon Service: windll64 [Win32_Own | Auto | Stopped] -> %System32%\DirectX\asp\mech\FireDaemon.EXE
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Configuration Loader -> %System32%\iexplore.exe
< RunServices [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
YY -> Configuration Loader -> %System32%\iexplore.exe
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> 2 -> %ProgramFiles%\Uniblue\RegistryBooster2\RegistryBooster.exe
YN -> Firewall auto setup -> D:\Profiles\user2\LOCALS~1\Temp\winlogon.exe
YN -> SecretSmileys -> %SystemDrive%\PROGRA~1\SECRET~1\ss.exe
YN -> StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
YN -> Uniblue RegistryBooster2 -> %ProgramFiles%\Uniblue\RegistryBooster 2\RegistryBooster.exe
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > ->
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Profiles\user2\Local Settings\Temp\winlogon.exe -> D:\Profiles\user2\Local Settings\Temp\winlogon.exe:*:Disabled:winlogon
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\winlde.exe -> C:\WINDOWS\system32\winlde.exe:*:Disabled:winlde
[Files/Folders - Modified Within 30 days]
NY -> iexplore.exe -> %System32%\iexplore.exe
[ Extra Files ]
C:\WINDOWS\system32\directx\asp\mech\
D:\Profiles\user2\Local Settings\Temp\winlogon.exe
C:\WINDOWS\system32\winlde.exe
[Empty Temp Folders]
[Reboot]


The fix should only take a very short time. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot into Safe Mode as shown below. If not, then reboot manually into Safe Mode.

Reboot into Safe Mode by doing the following:
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #3

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, as it may interfere with the scanning process:
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Step #4

Post the following back here:
  • a new WinPFind3U report (just use the default settings this time)
  • the AVG Anti-Spyware report
  • the latest .log file from the WinPFind3u folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
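
The fix in post #4 targets `%System32%\iexplore.exe` and a `winlogon.exe` under a Temp folder, both familiar Windows file names sitting outside their normal directories. The Python sketch below is an added example, not part of the original posts or of WinPFind3U: it parses the log line format shown in this thread and flags that pattern. The `EXPECTED_DIR` table, the function names and the constructed `winlogon.exe` sample line are assumptions made for illustration.

```python
import re

# One WinPFind3U file entry, in the layout seen in this thread:
# name -> path -> vendor [Ver = .. | Size = N bytes | Modified Date = .. | Attr = ..]
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<vendor>.*?)\s*"
    r"\[Ver =\s*(?P<ver>.*?)\s*\| Size = (?P<size>\d+) bytes \| "
    r"(?:Modified|Created) Date = (?P<date>.+?) \| Attr =\s*(?P<attr>.*?)\s*\]$"
)

# Map absolute prefixes onto the tokens the log uses (longest prefix first).
ABSOLUTE_TO_TOKEN = [
    ("c:\\windows\\system32", "%system32%"),
    ("c:\\windows", "%systemroot%"),
    ("c:\\program files", "%programfiles%"),
]

# Assumption: a small illustrative table of where these Windows XP binaries
# normally live. It is not a list taken from the thread.
EXPECTED_DIR = {
    "iexplore.exe": "%programfiles%\\internet explorer",
    "winlogon.exe": "%system32%",
    "svchost.exe": "%system32%",
    "explorer.exe": "%systemroot%",
}

# The ati2evxx, iexplore, taskswitch and DirectX lines are copied from the
# logs in this thread; the winlogon.exe line is constructed (size and date
# are made up) around the path named in the fix.
SAMPLE_LOG = r"""
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4158 | Size = 446464 bytes | Modified Date = 2/2/2007 3:55:10 PM | Attr = ]
iexplore.exe -> %System32%\iexplore.exe -> [Ver = | Size = 24159 bytes | Modified Date = 5/15/2007 2:54:10 PM | Attr = ]
winlogon.exe -> D:\Profiles\user2\Local Settings\Temp\winlogon.exe -> [Ver = | Size = 20480 bytes | Modified Date = 5/20/2007 1:00:00 PM | Attr = ]
taskswitch.exe -> %System32%\taskswitch.exe -> [Ver = | Size = 45632 bytes | Modified Date = 10/8/2001 12:59:36 PM | Attr = ]
DirectX -> %System32%\DirectX -> [Folder | Modified Date = 5/27/2007 7:15:56 PM | Attr = ]
"""


def normalize(path):
    """Lower-case a path and rewrite absolute prefixes to log tokens."""
    p = path.strip().lower()
    for prefix, token in ABSOLUTE_TO_TOKEN:
        if p.startswith(prefix):
            return token + p[len(prefix):]
    return p


def parse_entry(line):
    """Return the fields of a file entry, or None for folders and headers."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return {
        "path": normalize(m.group("path")),
        "vendor": m.group("vendor").strip(),
        "ver": m.group("ver"),
        "size": int(m.group("size")),
        "attr": m.group("attr"),
    }


def triage(lines):
    """Return (path, reasons) for entries worth a closer look."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        directory, _, filename = entry["path"].rpartition("\\")
        reasons = []
        expected = EXPECTED_DIR.get(filename)
        if expected is not None and directory != expected:
            # Strong signal: a system binary name in the wrong directory.
            reasons.append("system binary name, expected in " + expected)
        if (directory.startswith("%system32%") and filename.endswith(".exe")
                and not entry["vendor"] and not entry["ver"]):
            # Weak signal: legitimate tools can also lack version resources.
            reasons.append("no vendor or version resource")
        if reasons:
            findings.append((entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG.splitlines()):
        print(path, "->", "; ".join(reasons))
```

`taskswitch.exe` is flagged only by the weak check and was not part of the fix in this thread, so an entry with that reason alone is a lead to verify, not a verdict.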


#5 DongDiggler


Posted 02 June 2007 - 05:54 PM

WinPFind3 logfile created on: 6/2/2007 6:45:05 PM
WinPFind3U by OldTimer - Version 1.0.38 Folder = D:\Profiles\user2\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

510.42 Mb Total Physical Memory | 210.51 Mb Available Physical Memory | 41.24% Memory free
1.47 Gb Paging File | 1.21 Gb Available in Paging File | 82.40% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 15.74 Gb Free Space | 53.73% Space Free
Drive D: | 203.58 Gb Total Space | 102.14 Gb Free Space | 50.17% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: DESK2
Current User Name: user2
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4158 | Size = 446464 bytes | Modified Date = 2/2/2007 3:55:10 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4158 | Size = 446464 bytes | Modified Date = 2/2/2007 3:55:10 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 8:20:00 AM | Attr = ]
cthelper.exe -> %System32%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 1, 2 | Size = 24576 bytes | Modified Date = 10/6/2003 2:57:32 PM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.4: 2007051502 | Size = 7637104 bytes | Modified Date = 5/31/2007 2:24:24 PM | Attr = ]
frameworkservice.exe -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.1.1.184 | Size = 106586 bytes | Modified Date = 9/10/2003 3:11:00 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:13:20 AM | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 5/12/2005 12:23:26 AM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 5/12/2005 12:12:54 AM | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 1:14:36 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 4/27/2007 11:25:52 AM | Attr = ]
itouch.exe -> %ProgramFiles%\Logitech\iTouch\iTouch.exe -> Logitech Inc. [Ver = 2.22.289 | Size = 892928 bytes | Modified Date = 3/18/2004 9:33:26 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 4/27/2007 11:25:58 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 11/10/2005 2:03:52 PM | Attr = ]
khalmnpr.exe -> %CommonProgramFiles%\Logitech\KHAL\KHALMNPR.EXE -> Logitech Inc. [Ver = 2.42.230 | Size = 28160 bytes | Modified Date = 8/4/2005 3:42:00 AM | Attr = ]
logi_mwx.exe -> %SystemRoot%\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
mcshield.exe -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 7.1.0.116 | Size = 237657 bytes | Modified Date = 9/29/2003 7:10:00 AM | Attr = ]
naprdmgr.exe -> %ProgramFiles%\Network Associates\Common Framework\naPrdMgr.exe -> Network Associates, Inc. [Ver = 3.1.1.184 | Size = 127058 bytes | Modified Date = 9/10/2003 3:11:00 AM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 9:41:54 AM | Attr = ]
reader_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 11:05:26 PM | Attr = ]
setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 2.42.257 | Size = 528384 bytes | Modified Date = 8/4/2005 3:42:00 AM | Attr = ]
shstat.exe -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 7.1.0.187 | Size = 81990 bytes | Modified Date = 9/29/2003 7:10:00 AM | Attr = ]
taskswitch.exe -> %System32%\taskswitch.exe -> [Ver = | Size = 45632 bytes | Modified Date = 10/8/2001 12:59:36 PM | Attr = ]
updaterui.exe -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> Network Associates, Inc. [Ver = 3.1.1.184 | Size = 135251 bytes | Modified Date = 9/10/2003 3:11:00 AM | Attr = ]
vstskmgr.exe -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 7.1.0.187 | Size = 69706 bytes | Modified Date = 9/29/2003 7:10:00 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4158 | Size = 446464 bytes | Modified Date = 2/2/2007 3:55:10 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 2/2/2007 7:34:00 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:13:20 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 4/27/2007 11:25:52 AM | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.1.1.184 | Size = 106586 bytes | Modified Date = 9/10/2003 3:11:00 AM | Attr = ]
(McShield) Network Associates McShield [Win32_Own | Auto | Paused] -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 7.1.0.116 | Size = 237657 bytes | Modified Date = 9/29/2003 7:10:00 AM | Attr = ]
(McTaskManager) Network Associates Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 7.1.0.187 | Size = 69706 bytes | Modified Date = 9/29/2003 7:10:00 AM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 1:14:36 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 8:20:00 AM | Attr = ]
CoolSwitch -> %System32%\taskswitch.exe -> [Ver = | Size = 45632 bytes | Modified Date = 10/8/2001 12:59:36 PM | Attr = ]
CTHelper -> %System32%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 1, 2 | Size = 24576 bytes | Modified Date = 10/6/2003 2:57:32 PM | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 5/12/2005 12:12:54 AM | Attr = ]
HPHUPD08 -> %ProgramFiles%\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe -> Hewlett-Packard [Ver = 8,1,0,12 | Size = 49152 bytes | Modified Date = 6/1/2005 12:35:56 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 4/27/2007 11:25:58 AM | Attr = ]
KernelFaultCheck -> -> File not found
Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe -> Logitech Inc. [Ver = 2.42.230 | Size = 28160 bytes | Modified Date = 7/23/2005 12:25:30 AM | Attr = ]
Logitech Utility -> %SystemRoot%\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
McAfeeUpdaterUI -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> Network Associates, Inc. [Ver = 3.1.1.184 | Size = 135251 bytes | Modified Date = 9/10/2003 3:11:00 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 9:41:54 AM | Attr = ]
ShStatEXE -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 7.1.0.187 | Size = 81990 bytes | Modified Date = 9/29/2003 7:10:00 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 11/10/2005 2:03:52 PM | Attr = ]
zBrowser Launcher -> %ProgramFiles%\Logitech\iTouch\iTouch.exe -> Logitech Inc. [Ver = 2.22.289 | Size = 892928 bytes | Modified Date = 3/18/2004 9:33:26 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 11:05:26 PM | Attr = ]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 5/12/2005 12:23:26 AM | Attr = ]
%AllUsersStartup%\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 2.42.257 | Size = 528384 bytes | Modified Date = 8/4/2005 3:42:00 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 10:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4158 | Size = 110592 bytes | Modified Date = 2/2/2007 3:56:30 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoClosingComponents -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent\\Add -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent\\Delete -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoBackButton -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoFileMru -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSharedDocuments -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{645FF040-5081-101B-9F08-00AA002F954E} -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://as.starware.com/dp/search?x=wKX1ILE...1nkR0jdt/qG+XU= ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.ajc.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 5:16:42 AM | Attr = ]
{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKLM] -> %ProgramFiles%\blstoolbar\blstoolbar.dll [BellSouth Toolbar] -> [Ver = 4.0.2.144 | Size = 1369088 bytes | Modified Date = 2/16/2006 5:57:20 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 2:22:10 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKLM] -> %ProgramFiles%\blstoolbar\blstoolbar.dll [BellSouth Toolbar] -> [Ver = 4.0.2.144 | Size = 1369088 bytes | Modified Date = 2/16/2006 5:57:20 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKLM] -> %ProgramFiles%\blstoolbar\blstoolbar.dll [BellSouth Toolbar] -> [Ver = 4.0.2.144 | Size = 1369088 bytes | Modified Date = 2/16/2006 5:57:20 PM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 2:22:10 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 2:22:10 PM | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.2.3292 | Size = 61440 bytes | Modified Date = 8/1/2003 11:31:06 AM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{4503C993-A0C9-40A9-BEE3-EC83F859E908} -> (3Com 3C920B-EMB Integrated Fast Ethernet Controller) ->
{4C1B777C-5DFE-4EBE-8348-A775F85D1B6A} -> (3Com EtherLink 10/100 PCI TX NIC (3C905B-TX)) ->
{741A823D-AF7C-4ECD-850D-33E4939F0FBC} -> (1394 Net Adapter) ->
{78536EC5-EC52-41D5-8BBD-97C7DD47E8A6} -> (Westell WireSpeed Dual Connect Modem) ->
{85741171-FBDE-448E-8C3C-A47E11CC4045} -> 205.152.37.23,205.152.144.23 () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/...8167.7645601852 ->
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_01 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->

[Files/Folders - Created Within 30 days]
REGISTRYBKUP.reg -> %SystemDrive%\REGISTRYBKUP.reg -> [Ver = | Size = 86884378 bytes | Created Date = 5/21/2007 7:12:51 AM | Attr = ]
bdco1.dll -> %System32%\bdco1.dll -> NVIDIA Corporation [Ver = 1.0 | Size = 8192 bytes | Created Date = 5/6/2007 10:31:20 AM | Attr = R ]
bonbon.exe -> %System32%\bonbon.exe -> [Ver = | Size = 24157 bytes | Created Date = 5/10/2007 4:08:48 PM | Attr = ]
fdco1.dll -> %System32%\fdco1.dll -> NVIDIA Corporation [Ver = 1.0 | Size = 198656 bytes | Created Date = 5/6/2007 10:37:31 AM | Attr = R ]
nvconrm.dll -> %System32%\nvconrm.dll -> NVIDIA Corporation [Ver = 1 , 0 , 0 , 15 | Size = 32256 bytes | Created Date = 5/6/2007 10:31:20 AM | Attr = R ]
nvnrm.nvu -> %System32%\nvnrm.nvu -> [Ver = | Size = 2509 bytes | Created Date = 5/6/2007 10:37:27 AM | Attr = ]
nvunrm.exe -> %System32%\nvunrm.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 15 | Size = 172032 bytes | Created Date = 5/6/2007 10:37:27 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 6/2/2007 1:30:39 PM | Attr = ]
NVENETFD.sys -> %System32%\drivers\NVENETFD.sys -> NVIDIA Corporation [Ver = 1.00.00.0442 | Size = 33280 bytes | Created Date = 5/6/2007 10:37:31 AM | Attr = R ]
nvnetbus.sys -> %System32%\drivers\nvnetbus.sys -> NVIDIA Corporation [Ver = 1.00.00.0442 | Size = 12928 bytes | Created Date = 5/6/2007 10:31:20 AM | Attr = R ]
nvnrm.sys -> %System32%\drivers\nvnrm.sys -> NVIDIA Corporation [Ver = 1.00.00.0442 | Size = 56960 bytes | Created Date = 5/6/2007 10:31:20 AM | Attr = R ]
nvsnpu.sys -> %System32%\drivers\nvsnpu.sys -> NVIDIA Corporation [Ver = 1.00.00.0442 | Size = 191232 bytes | Created Date = 5/6/2007 10:31:20 AM | Attr = R ]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 5/30/2007 9:42:14 AM | Attr = H ]
NVIDIA -> %SystemDrive%\NVIDIA -> [Folder | Modified Date = 5/5/2007 4:49:22 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/2/2007 2:30:36 PM | Attr = ]
QUARANTINE -> %SystemDrive%\QUARANTINE -> [Folder | Modified Date = 6/2/2007 2:30:40 PM | Attr = ]
REGISTRYBKUP.reg -> %SystemDrive%\REGISTRYBKUP.reg -> [Ver = | Size = 86884378 bytes | Modified Date = 5/21/2007 8:13:06 AM | Attr = ]
UT2004 -> %SystemDrive%\UT2004 -> [Folder | Modified Date = 5/30/2007 9:45:14 AM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/2/2007 6:41:36 PM | Attr = ]
$NtUninstallKB826939$ -> %SystemRoot%\$NtUninstallKB826939$ -> [Folder | Modified Date = 5/30/2007 9:06:42 AM | Attr = H ]
$NtUninstallKB826942$ -> %SystemRoot%\$NtUninstallKB826942$ -> [Folder | Modified Date = 5/30/2007 9:06:46 AM | Attr = H ]
$NtUninstallKB828741$ -> %SystemRoot%\$NtUninstallKB828741$ -> [Folder | Modified Date = 5/30/2007 9:06:52 AM | Attr = H ]
$NtUninstallKB835732$ -> %SystemRoot%\$NtUninstallKB835732$ -> [Folder | Modified Date = 5/30/2007 9:06:56 AM | Attr = H ]
$NtUninstallKB837001$ -> %SystemRoot%\$NtUninstallKB837001$ -> [Folder | Modified Date = 5/30/2007 9:07:02 AM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/2/2007 6:43:52 PM | Attr = S]
checkip.dat -> %SystemRoot%\checkip.dat -> [Ver = | Size = 1218 bytes | Modified Date = 5/22/2007 5:25:26 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/6/2007 11:37:32 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/30/2007 9:42:16 AM | Attr = HS]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/30/2007 9:07:54 AM | Attr = ]
randseed.rnd -> %SystemRoot%\randseed.rnd -> [Ver = | Size = 512 bytes | Modified Date = 6/1/2007 9:45:10 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 6/2/2007 6:41:34 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 5/24/2007 8:49:00 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/2/2007 3:00:38 PM | Attr = ]
winamp.ini -> %SystemRoot%\winamp.ini -> [Ver = | Size = 155 bytes | Modified Date = 5/28/2007 10:39:44 AM | Attr = ]
{00000001-00000000-0000000A-00001102-00000004-10071102}.CDF -> %SystemRoot%\{00000001-00000000-0000000A-00001102-00000004-10071102}.CDF -> [Ver = | Size = 4923423 bytes | Modified Date = 6/2/2007 5:40:40 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 5/24/2007 8:51:02 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/25/2007 12:25:06 AM | Attr = H ]
BMXBkpCtrlState-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx -> %System32%\BMXBkpCtrlState-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx -> [Ver = | Size = 30528 bytes | Modified Date = 6/2/2007 5:41:04 PM | Attr = ]
BMXCtrlState-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx -> %System32%\BMXCtrlState-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx -> [Ver = | Size = 30528 bytes | Modified Date = 6/2/2007 5:41:04 PM | Attr = ]
BMXState-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx -> %System32%\BMXState-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx -> [Ver = | Size = 31056 bytes | Modified Date = 6/2/2007 5:41:04 PM | Attr = ]
BMXStateBkp-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx -> %System32%\BMXStateBkp-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx -> [Ver = | Size = 31056 bytes | Modified Date = 6/2/2007 5:41:04 PM | Attr = ]
bonbon.exe -> %System32%\bonbon.exe -> [Ver = | Size = 24157 bytes | Modified Date = 5/10/2007 9:11:50 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 5/6/2007 11:37:28 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 5/26/2007 8:37:08 PM | Attr = ]
DirectX -> %System32%\DirectX -> [Folder | Modified Date = 5/27/2007 7:15:56 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 6/2/2007 2:30:40 PM | Attr = ]
DVCState-{00000001-00000000-0000000A-00001102-00000004-10071102}.dat -> %System32%\DVCState-{00000001-00000000-0000000A-00001102-00000004-10071102}.dat -> [Ver = | Size = 384 bytes | Modified Date = 6/2/2007 5:41:04 PM | Attr = ]
DVCStateBkp-{00000001-00000000-0000000A-00001102-00000004-10071102}.dat -> %System32%\DVCStateBkp-{00000001-00000000-0000000A-00001102-00000004-10071102}.dat -> [Ver = | Size = 384 bytes | Modified Date = 6/2/2007 5:41:04 PM | Attr = ]
iexplore.exe -> %System32%\iexplore.exe -> [Ver = | Size = 24159 bytes | Modified Date = 5/15/2007 2:54:10 PM | Attr = ]
KGyGaAvL.sys -> %System32%\KGyGaAvL.sys -> [Ver = | Size = 10022 bytes | Modified Date = 5/21/2007 11:58:22 AM | Attr = HS]
Restore -> %System32%\Restore -> [Folder | Modified Date = 5/26/2007 2:58:34 PM | Attr = ]
settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 6/2/2007 5:41:04 PM | Attr = ]
settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 6/2/2007 5:41:04 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2262 bytes | Modified Date = 6/2/2007 8:44:14 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 5/21/2007 8:13:14 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.0202 | Size = 874248 bytes | Modified Date = 6/14/2004 3:04:34 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]

< End of report >

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:42:10 PM 6/2/2007

+ Scan result:



D:\Profiles\user2\Desktop\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\DirectX\asp\mech\cygmech2.exe -> Backdoor.Mechbot.d : Cleaned with backup (quarantined).
C:\WINDOWS\ul.exe -> Downloader.Small.cul : Cleaned with backup (quarantined).
C:\WINDOWS\install.exe -> Hijacker.Costrat.aj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\23477.exe -> Hijacker.Costrat.aj : Cleaned with backup (quarantined).
C:\WINDOWS\installer.exe -> Logger.BZub.ik : Cleaned with backup (quarantined).
D:\Profiles\user2\Desktop\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\DirectX\asp\mech\FireDaemon.EXE -> Not-A-Virus.RemoteAdmin.Win32.RA.3826 : Cleaned with backup (quarantined).
D:\Profiles\user2\Local Settings\Temp\Rar$EX25.531\Windows_Movie_Maker_2.0 + Crack\Crack\Setup.exe -> Proxy.Ranky.gj : Cleaned with backup (quarantined).
D:\Profiles\user2\Local Settings\Temp\Rar$EX25.531\Windows_Movie_Maker_2.0 + Crack\Setup.exe -> Proxy.Ranky.gj : Cleaned with backup (quarantined).
D:\Profiles\user2\Local Settings\Temp\Rar$EX28.437\Windows_Movie_Maker_2.0 + Crack\Crack\Setup.exe -> Proxy.Ranky.gj : Cleaned with backup (quarantined).
D:\Profiles\user2\Local Settings\Temp\Rar$EX28.437\Windows_Movie_Maker_2.0 + Crack\Setup.exe -> Proxy.Ranky.gj : Cleaned with backup (quarantined).
D:\Profiles\user2\Local Settings\Temp\Rar$EX33.062\Windows_Movie_Maker_2.0 + Crack\Crack\Setup.exe -> Proxy.Ranky.gj : Cleaned with backup (quarantined).
D:\Profiles\user2\Local Settings\Temp\Rar$EX33.062\Windows_Movie_Maker_2.0 + Crack\Setup.exe -> Proxy.Ranky.gj : Cleaned with backup (quarantined).
:mozilla.943:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.944:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.350:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.351:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.352:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.355:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.356:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.357:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.358:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.359:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.360:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.361:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.289:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.290:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.291:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.292:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.293:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.294:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.295:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.296:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.297:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.298:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.299:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.300:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.301:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.302:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.303:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.304:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.44:C:\Documents and Settings\desk12\Application Data\Mozilla\Firefox\Profiles\kkqu8y57.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.45:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.46:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.47:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.48:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.494:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.49:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.50:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.899:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.237:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.238:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.239:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.240:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.241:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.242:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.243:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.244:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.245:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.205:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.206:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.63:C:\Documents and Settings\desk12\Application Data\Mozilla\Firefox\Profiles\kkqu8y57.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.747:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.748:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.404:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.34:C:\Documents and Settings\desk12\Application Data\Mozilla\Firefox\Profiles\kkqu8y57.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.35:C:\Documents and Settings\desk12\Application Data\Mozilla\Firefox\Profiles\kkqu8y57.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.425:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.426:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.427:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.428:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.603:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.604:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.605:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.606:D:\Profiles\user2\Application Data\Mozilla\Firefox\Profiles\default.3hw\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Internet Explorer\iexplore.exe -> Trojan.GoldSpy : Cleaned with backup (quarantined).


::Report end

.log file

Explorer killed successfully
[Processes - Non-Microsoft Only]
Unable to kill process asp.exe .
C:\WINDOWS\SYSTEM32\DirectX\asp\mech\asp.exe moved successfully.
Process iexplore.exe killed successfully.
C:\WINDOWS\SYSTEM32\iexplore.exe moved successfully.
[Win32 Services - Non-Microsoft Only]
Service binconf stopped successfully.
Service binconf deleted successfully.
C:\WINDOWS\SYSTEM32\DirectX\asp\mech\FireDaemon.EXE moved successfully.
Service windll64 stopped successfully.
Service windll64 deleted successfully.
File C:\WINDOWS\SYSTEM32\DirectX\asp\mech\FireDaemon.EXE not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Configuration Loader deleted successfully.
C:\WINDOWS\SYSTEM32\iexplore.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\Configuration Loader deleted successfully.
C:\WINDOWS\SYSTEM32\iexplore.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\2 deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Firewall auto setup deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SecretSmileys deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\StartCCC deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Uniblue RegistryBooster2 deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Profiles\user2\Local Settings\Temp\winlogon.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\winlde.exe deleted successfully.
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\SYSTEM32\iexplore.exe moved successfully.
[ Extra Files ]
C:\WINDOWS\system32\directx\asp\mech\randfiles moved successfully.
Folder move failed. C:\WINDOWS\system32\directx\asp\mech\COPYING scheduled to be moved on reboot.
Folder cleanup failed. C:\WINDOWS\system32\directx\asp\mech scheduled to be deleted on reboot.
File/Folder D:\Profiles\user2\Local Settings\Temp\winlogon.exe not found.
File/Folder C:\WINDOWS\system32\winlde.exe not found.
[Empty Temp Folders]
D:\Profiles\user2\LOCALS~1\Temp\ -> emptied.
D:\Profiles\user2\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of log >
Created on 06/02/2007 14:38:09

#6 OldTimer

Posted 02 June 2007 - 08:28 PM

Hi DongDiggler. Everything looks fine. Any more error messages?

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#7 DongDiggler

Posted 03 June 2007 - 09:31 AM

No more error messages. Thank you, sir.

Ya know, for an "old timer," you're very computer-savvy and a solid instruction giver. : )

#8 OldTimer

Posted 09 June 2007 - 06:33 AM

You are very welcome DongDiggler. I'm glad we could be of assistance.

I will now close this topic. If you have any malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing :thumbsup:

OT