Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hijack This log for analysis

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Hijack This log for analysis

Unread postby pjp_1234 » August 15th, 2008, 6:26 am

Nope, it did not work. I copied and pasted it just like you said and when I double click it opens up and the cursor just sits and blinks in front of the R in REGEDIT4 and nothing else happens. No merging, no nothing!

Patty :?:
pjp_1234
Active Member
 
Posts: 12
Joined: August 6th, 2008, 2:59 am
Advertisement
Register to Remove

Re: Hijack This log for analysis

Unread postby peku006 » August 15th, 2008, 6:41 am

Hi Patty

That fix.reg should look like this -> Image

right-click in the fix.reg icon and choose Merge

peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Hijack This log for analysis

Unread postby pjp_1234 » August 15th, 2008, 6:50 am

Yup! That's what the icon looks like.

I right clicked and selected merge. It just opened it up and sat there again this time with the cursor blinking at the start of the line below the blank line under "NoDevMgrPage"=dword:00000000

Patty :?
pjp_1234
Active Member
 
Posts: 12
Joined: August 6th, 2008, 2:59 am

Re: Hijack This log for analysis

Unread postby peku006 » August 16th, 2008, 2:10 am

Hi Patty

Copy text below to Notepad and save it as look.bat (save it as all files, *.*)

Code: Select all
@echo off
regedit /e peek1.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"
regedit /e peek2.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies"
type peek1.txt >> look.txt
type peek2.txt >> look.txt
del peek*.txt
start notepad look.txt
exit


It should look like this ->Image

Doubleclick look.bat; black dos windows will flash, that's normal.

Copy and paste the contents of it in your next reply.

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Hijack This log for analysis

Unread postby pjp_1234 » August 16th, 2008, 6:21 am

That was an easy one!

Thanks again,

Patty


Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"=dword:00000001
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"=dword:40000021
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"=dword:00000020

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings]
"Key"=hex:d3,ff,4f,11,eb,30,d7,d0,39,94,52,0e,cd,72,f4,ba
"Hint"="Patty"
"FileName0"="C:\\WINDOWS\\system32\\RSACi.rat"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default]
"Allow_Unknowns"=dword:00000000
"PleaseMom"=dword:00000001
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html]
"l"=dword:00000004
"n"=dword:00000000
"s"=dword:00000000
"v"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
pjp_1234
Active Member
 
Posts: 12
Joined: August 6th, 2008, 2:59 am

Re: Hijack This log for analysis

Unread postby peku006 » August 16th, 2008, 8:39 am

Hi Patty

Please go to Start > Run copy and paste the text belowx in the box
Code: Select all
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v NoDevMgrPage /t REG_DWORD /d 0 /f 

and then press ENTER

  1. Please download OTScanIt.exe from Bleeping Computer by OldTimer and save it to your desktop.
  2. Double click on OTScanIt.exe to run it.
  3. Click on Extract. Once done, you will be prompted. Click OK and click Close.
  4. Double click on the OTScanIt folder. Double click on OTScanIt.exe to run it.
  5. Under Drivers section, select Non-Microsoft.
  6. Click on the Run Scan button at the top left hand corner.
  7. OTScanIt will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Hijack This log for analysis

Unread postby pjp_1234 » August 16th, 2008, 6:53 pm

Wow! Cool Freeware!

Thanks again!

Patty :cheers:

Code: Select all
OTScanIt logfile created on: 8/16/2008 3:40:53 PM
OTScanIt by OldTimer - Version 1.0.16.2     Folder = C:\Documents and Settings\PATRICIA PRESCOTT\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.49 Mb Total Physical Memory | 547.15 Mb Available Physical Memory | 53.46% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4050 4096;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 27.84 Gb Free Space | 37.35% Space Free | Partition Type: NTFS
Drive D: | 7.23 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XMAS2003
Current User Name: PATRICIA PRESCOTT
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
lexbces.exe -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.47 | Size = 311296 bytes | Modified Date = 4/17/2006 10:42:14 AM | Attr =    ]
lexpps.exe -> %SystemRoot%\system32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.47 | Size = 174592 bytes | Modified Date = 4/17/2006 10:41:24 AM | Attr =    ]
dit.exe -> %SystemRoot%\Dit.exe ->  [Ver =  | Size = 69632 bytes | Modified Date = 9/5/2002 6:14:46 PM | Attr =    ]
lxczbmgr.exe -> %ProgramFiles%\Lexmark 1200 Series\lxczbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 7/12/2006 10:22:50 PM | Attr =    ]
hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 5/12/2004 3:18:56 PM | Attr =    ]
lxczbmon.exe -> %ProgramFiles%\Lexmark 1200 Series\lxczbmon.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 53248 bytes | Modified Date = 7/12/2006 10:33:14 PM | Attr =    ]
backweb-8876480.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ->  [Ver =  | Size = 16384 bytes | Modified Date = 6/21/2008 3:03:58 AM | Attr =    ]
belkinwcui.exe -> %ProgramFiles%\Belkin\F5D8053\Belkinwcui.exe -> Belkin [Ver = 1, 0, 0, 35 | Size = 1728512 bytes | Modified Date = 7/2/2007 7:45:04 PM | Attr =    ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 43.1.5.000 | Size = 241664 bytes | Modified Date = 5/28/2004 10:31:38 PM | Attr =    ]
setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 3.1.116 | Size = 671744 bytes | Modified Date = 9/1/2006 11:01:42 AM | Attr =    ]
raui.exe -> %ProgramFiles%\RALINK\Common\RaUI.exe -> Ralink Technology, Corp. [Ver = 2, 0, 2, 0 | Size = 2101248 bytes | Modified Date = 5/15/2007 6:29:20 PM | Attr =    ]
khalmnpr.exe -> %CommonProgramFiles%\Logitech\khalshared\KHALMNPR.exe -> Logitech Inc. [Ver = 3.1.82 | Size = 94208 bytes | Modified Date = 7/19/2006 12:03:56 PM | Attr =    ]
ditexp.exe -> %SystemRoot%\DitExp.exe ->  [Ver =  | Size = 65536 bytes | Modified Date = 7/12/2002 10:29:24 AM | Attr =    ]
hpqgalry.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqgalry.exe -> Hewlett-Packard Co. [Ver = 043.001.005.000 | Size = 520192 bytes | Modified Date = 5/28/2004 11:08:52 PM | Attr =    ]
ioloservicemanager.exe -> %ProgramFiles%\iolo\Common\Lib\ioloServiceManager.exe ->  [Ver =  | Size = 592232 bytes | Modified Date = 6/19/2008 4:59:12 PM | Attr =    ]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,1,159,0 | Size = 767976 bytes | Modified Date = 1/9/2008 4:50:22 PM | Attr =    ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr =    ]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 12:36:04 PM | Attr =    ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 12:02:14 PM | Attr =    ]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 3:54:42 PM | Attr =    ]
slserv.exe -> %SystemRoot%\system32\slserv.exe ->   [Ver = 2.80.00(24Apr2000) | Size = 45056 bytes | Modified Date = 1/17/2003 3:02:38 AM | Attr =    ]
wlservice.exe -> %ProgramFiles%\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 9 | Size = 53307 bytes | Modified Date = 7/4/2005 4:46:04 PM | Attr =    ]
wlservice.exe -> %ProgramFiles%\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 9 | Size = 53307 bytes | Modified Date = 7/4/2005 4:46:04 PM | Attr =    ]
wusb54gc.exe -> %ProgramFiles%\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe -> Linksys [Ver = 1.1.0.2 | Size = 5527040 bytes | Modified Date = 8/29/2006 12:23:44 AM | Attr =    ]
wusb54gsc.exe -> %ProgramFiles%\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe -> Linksys [Ver = 1.0.2.4 | Size = 5358592 bytes | Modified Date = 4/21/2006 12:26:38 PM | Attr =    ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 8/3/2007 10:33:14 PM | Attr =    ]
hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 8, 0, 0, 0 | Size = 65536 bytes | Modified Date = 3/18/2004 4:55:48 PM | Attr =    ]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,1,111,0 | Size = 695624 bytes | Modified Date = 12/5/2007 10:04:10 AM | Attr =    ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr =    ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 12/25/2007 1:42:26 PM | Attr =    ]
(ioloFileInfoList) iolo FileInfoList Service [Win32_Shared | Auto | Running] -> %ProgramFiles%\iolo\Common\Lib\ioloServiceManager.exe ->  [Ver =  | Size = 592232 bytes | Modified Date = 6/19/2008 4:59:12 PM | Attr =    ]
(ioloProductUpdate) iolo Product Update Service [Win32_Shared | Auto | Stopped] -> %ProgramFiles%\iolo\Common\Lib\ioloServiceManager.exe ->  [Ver =  | Size = 592232 bytes | Modified Date = 6/19/2008 4:59:12 PM | Attr =    ]
(ioloSystemService) iolo System Service [Win32_Shared | Auto | Running] -> %ProgramFiles%\iolo\Common\Lib\ioloServiceManager.exe ->  [Ver =  | Size = 592232 bytes | Modified Date = 6/19/2008 4:59:12 PM | Attr =    ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.47 | Size = 311296 bytes | Modified Date = 4/17/2006 10:42:14 AM | Attr =    ]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,1,159,0 | Size = 767976 bytes | Modified Date = 1/9/2008 4:50:22 PM | Attr =    ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr =    ]
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 11/7/2007 9:35:40 AM | Attr =    ]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 12:36:04 PM | Attr =    ]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %SystemDrive%\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 12:02:14 PM | Attr =    ]
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,1,111,0 | Size = 695624 bytes | Modified Date = 12/5/2007 10:04:10 AM | Attr =    ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 3:54:42 PM | Attr =    ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 8, 0, 0, 0 | Size = 65536 bytes | Modified Date = 3/18/2004 4:55:48 PM | Attr =    ]
(SLService) SmartLinkService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\slserv.exe ->   [Ver = 2.80.00(24Apr2000) | Size = 45056 bytes | Modified Date = 1/17/2003 3:02:38 AM | Attr =    ]
(WUSB54GCSVC) WUSB54GCSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 9 | Size = 53307 bytes | Modified Date = 7/4/2005 4:46:04 PM | Attr =    ]
(WUSB54GSCSVC) WUSB54GSCSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 9 | Size = 53307 bytes | Modified Date = 7/4/2005 4:46:04 PM | Attr =    ]

[Driver Services - Non-Microsoft Only]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.5.3.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.5.3.0 | Size = 21419 bytes | Modified Date = 12/19/2007 7:38:00 AM | Attr =    ]
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcxwdm.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.6270 built by: WinDDK | Size = 4124352 bytes | Modified Date = 10/26/2007 11:20:40 AM | Attr = R  ]
(BANTExt) Belarc SMBios Access [Kernel | System | Running] -> %SystemRoot%\system32\drivers\BANTExt.sys ->  [Ver =  | Size = 3840 bytes | Modified Date = 4/7/2005 5:18:34 PM | Attr =    ]
(BCM42RLY) BCM42RLY [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\bcm42rly.sys -> Broadcom Corporation [Ver = 3.90.30.0 (BROADCOM INTERNAL DRIVER) | Size = 17992 bytes | Modified Date = 2/1/2005 6:18:38 PM | Attr =    ]
(BOCDRIVE) BOClean Kernel Monitor. [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Comodo\CBOClean\BOCDRIVE.sys -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 11:07:17 PM | Attr =    ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 11:07:16 PM | Attr =    ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr =    ]
(FileDisk) FileDisk [Kernel | System | Running] -> %SystemRoot%\System32\drivers\filedisk.sys -> iolo technologies, LLC (based on original work by Bo Brantén) [Ver = 2.0 | Size = 9341 bytes | Modified Date = 7/24/2006 6:51:34 PM | Attr =    ]
(FreshIO) FreshIO [Kernel | On_Demand | Stopped] -> %ProgramFiles%\FreshDevices\FreshDiagnose\FreshIO.sys -> File not found
(GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\GTNDIS5.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.54 | Size = 15872 bytes | Modified Date = 9/25/2003 10:15:32 PM | Attr =    ]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hpzid412.sys -> HP [Ver = 8, 0, 0, 0 | Size = 51088 bytes | Modified Date = 6/22/2004 8:05:12 AM | Attr =    ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> HP [Ver = 8, 0, 0, 0 | Size = 16496 bytes | Modified Date = 6/22/2004 8:05:12 AM | Attr =    ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZius12.sys -> HP [Ver = 8, 0, 0, 0 | Size = 21744 bytes | Modified Date = 6/22/2004 8:05:12 AM | Attr =    ]
(L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\L8042Kbd.SYS -> Logitech Inc. [Ver = 3.1.82.00 | Size = 13568 bytes | Modified Date = 7/19/2006 12:27:26 PM | Attr =    ]
(L8042mou) Logitech SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\L8042MOU.SYS -> Logitech Inc. [Ver = 3.1.82.00 | Size = 55936 bytes | Modified Date = 7/19/2006 12:27:46 PM | Attr =    ]
(L8042pr2) Logitech PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\L8042pr2.Sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 51486 bytes | Modified Date = 11/7/2003 2:50:00 AM | Attr =    ]
(LBeepKE) LBeepKE [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\LBeepKE.sys -> Logitech Inc. [Ver = 3.1.116.00 | Size = 3712 bytes | Modified Date = 9/1/2006 12:32:50 PM | Attr =    ]
(LCcfltr) Logitech USB Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LCcfltr.sys -> Logitech, Inc. [Ver = 9.79.300.0 | Size = 14095 bytes | Modified Date = 3/3/2004 9:50:00 AM | Attr =    ]
(LHidFilt) Logitech SetPoint KMDF HID Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LHidFilt.Sys -> Logitech, Inc. [Ver = 4.40.53.00 | Size = 35088 bytes | Modified Date = 11/29/2007 2:17:48 AM | Attr =    ]
(LHidFlt2) Logitech HID/USB Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LHidFlt2.Sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 25502 bytes | Modified Date = 11/7/2003 2:50:00 AM | Attr =    ]
(LHidKe) SetPoint HID Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidKE.Sys -> Logitech Inc. [Ver = 3.1.82.00 | Size = 27136 bytes | Modified Date = 7/19/2006 12:29:08 PM | Attr =    ]
(LHidUsb) Logitech USB Receiver device driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidUsb.sys -> Logitech, Inc. [Ver = 9.79.200.0 | Size = 37884 bytes | Modified Date = 11/7/2003 2:50:00 AM | Attr =    ]
(LHidUsbK) SetPoint USB Receiver device driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidUsbK.sys -> Logitech Inc. [Ver = 3.1.82.00 | Size = 36736 bytes | Modified Date = 7/19/2006 12:28:04 PM | Attr =    ]
(LMouFilt) Logitech SetPoint KMDF Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LMouFilt.Sys -> Logitech, Inc. [Ver = 4.40.53.00 | Size = 36368 bytes | Modified Date = 11/29/2007 2:17:56 AM | Attr =    ]
(LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LMouFlt2.Sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 70798 bytes | Modified Date = 11/7/2003 2:50:00 AM | Attr =    ]
(LMouKE) SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LMouKE.Sys -> Logitech Inc. [Ver = 3.1.82.00 | Size = 71936 bytes | Modified Date = 7/19/2006 12:28:56 PM | Attr =    ]
(LUsbFilt) Logitech SetPoint KMDF USB Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LUsbFilt.sys -> Logitech, Inc. [Ver = 4.40.53.00 | Size = 28432 bytes | Modified Date = 11/29/2007 2:18:12 AM | Attr =    ]
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.291.x86 | Size = 79304 bytes | Modified Date = 11/22/2007 6:44:08 AM | Attr =    ]
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.291.x86 | Size = 35240 bytes | Modified Date = 11/22/2007 6:44:08 AM | Attr =    ]
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.291.x86 | Size = 201320 bytes | Modified Date = 11/22/2007 6:44:08 AM | Attr =    ]
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.291.x86 | Size = 33832 bytes | Modified Date = 11/22/2007 6:44:04 AM | Attr =    ]
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 40488 bytes | Modified Date = 12/2/2007 12:51:42 PM | Attr =    ]
(MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 9.0.114.0 | Size = 113952 bytes | Modified Date = 7/13/2007 9:20:24 AM | Attr =    ]
(Mtlmnt5) Mtlmnt5 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mtlmnt5.sys ->   [Ver = 3.20.04 | Size = 210128 bytes | Modified Date = 2/16/2003 5:08:18 PM | Attr =    ]
(Mtlstrm) Mtlstrm [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mtlstrm.sys ->   [Ver = 3.20.04 | Size = 1293192 bytes | Modified Date = 2/16/2003 6:33:46 PM | Attr =    ]
(MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.115 | Size = 28256 bytes | Modified Date = 6/21/2008 3:03:00 AM | Attr =    ]
(NtMtlFax) NtMtlFax [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ntmtlfax.sys ->   [Ver = 3.20.03 | Size = 162136 bytes | Modified Date = 2/5/2003 6:25:56 PM | Attr =    ]
(pcwe) pcwe [Kernel | On_Demand | Stopped] -> %SystemDrive%\ATI\PC Wizard 2007\pcw86-32.sys -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr =    ]
(rt2870) Ralink 802.11n USB Wireless LAN Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rt2870.sys -> Ralink Technology, Corp. [Ver = 1.00.03.0000 | Size = 503680 bytes | Modified Date = 5/9/2007 5:03:38 PM | Attr =    ]
(RT73) Linksys Home Wireless-G USB Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rt73.sys -> Ralink Technology, Corp. [Ver = 1.00.02.0000 | Size = 245248 bytes | Modified Date = 11/24/2005 7:51:38 PM | Attr =    ]
(RTL8023xp) Realtek 10/100/1000 PCI NIC Family NDIS XP Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Rtnicxp.sys -> Realtek Semiconductor Corporation                            [Ver = 5.681.1120.2007 built by: WinDDK | Size = 104320 bytes | Modified Date = 11/20/2007 12:09:22 PM | Attr =    ]
(rtl8139) Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\R8139n51.sys -> Realtek Semiconductor Corporation        [Ver = 5.505.1004.2002 built by: WinDDK | Size = 46976 bytes | Modified Date = 10/3/2002 7:04:10 PM | Attr =    ]
(S3Psddr) S3Psddr [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s3gnbm.sys -> S3 Graphics, Inc. [Ver = 6.14.10.0025-13.94.25 | Size = 167040 bytes | Modified Date = 3/2/2004 2:02:30 PM | Attr =    ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 3:25:53 AM | Attr =    ]
(Slntamr) SmartLink AMR_PCI Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\slntamr.sys ->   [Ver = 3.20.04 | Size = 516616 bytes | Modified Date = 2/16/2003 5:11:56 PM | Attr =    ]
(SlNtHal) SlNtHal [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\slnthal.sys ->   [Ver = 3.20.04 | Size = 85520 bytes | Modified Date = 2/16/2003 5:12:46 PM | Attr =    ]
(SlWdmSup) SlWdmSup [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\slwdmsup.sys -> Vireo Software [Ver = 1.00 | Size = 39348 bytes | Modified Date = 1/17/2003 2:19:32 AM | Attr =    ]
(TVICHW32) TVICHW32 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\TVICHW32.SYS -> EnTech Taiwan [Ver = 6.0 | Size = 23600 bytes | Modified Date = 12/10/2007 2:55:42 AM | Attr =    ]
(viaagp1) VIA AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\VIAAGP1.SYS -> VIA Technologies, Inc. [Ver = 5.1.0.3442 built by: VIA | Size = 27904 bytes | Modified Date = 7/1/2003 9:42:00 PM | Attr =    ]
(viafilter) VIA USB Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\viausb1.sys -> VIA Technologies, Inc. [Ver = 1.08 | Size = 9728 bytes | Modified Date = 9/19/2001 6:28:50 AM | Attr =    ]
(VIAudio) Vinyl AC'97 Audio Controller (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\vinyl97.sys -> VIA Technologies, Inc. [Ver = 6.14.01.4180 built by: WinDDK | Size = 203648 bytes | Modified Date = 10/9/2006 1:58:48 PM | Attr =    ]
(videX32) videX32 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\videX32.sys -> VIA Technologies, Inc. [Ver = 6.0.3790.170 | Size = 9216 bytes | Modified Date = 3/29/2007 4:36:00 AM | Attr =    ]
(vulfnths) VIA USB Host Controller Lower Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\vulfnth.sys -> VIA Technologies, Inc. [Ver = 2.57 | Size = 6912 bytes | Modified Date = 8/3/2003 4:29:08 PM | Attr =    ]
(vulfntrs) VIA USB Roothub Lower Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\vulfntr.sys -> VIA Technologies, Inc. [Ver = 2.61 | Size = 11392 bytes | Modified Date = 8/3/2003 4:29:32 PM | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
 ->  [] -> File not found
Dit -> %SystemRoot%\Dit.exe [Dit.exe] ->  [Ver =  | Size = 69632 bytes | Modified Date = 9/5/2002 6:14:46 PM | Attr =    ]
DriverMagicLogon -> %ProgramFiles%\SymplisIT\DriverMagic\dmschedule.exe ["C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot] -> SymplisIT Corporation [Ver = 1.00.0001 | Size = 69632 bytes | Modified Date = 4/16/2008 1:54:46 AM | Attr =    ]
EPSON Stylus CX6400 -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"] -> File not found
HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe ["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"] -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 5/12/2004 3:18:56 PM | Attr =    ]
hpqSRMon -> %ProgramFiles%\HP\Digital Imaging\bin\HpqSRmon.exe [C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe] -> Hewlett-Packard [Ver = 11.0.0.142 | Size = 81920 bytes | Modified Date = 3/13/2008 9:34:28 AM | Attr =    ]
Kernel and Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe [KHALMNPR.EXE] -> Logitech Inc. [Ver = 3.1.82 | Size = 94208 bytes | Modified Date = 7/19/2006 12:03:56 PM | Attr =    ]
KernelFaultCheck ->  [C:\WINDOWS\system32\dumprep 0 -k] -> File not found
Lexmark 1200 Series -> %ProgramFiles%\Lexmark 1200 Series\lxczbmgr.exe ["C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"] -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 7/12/2006 10:22:50 PM | Attr =    ]
Logitech Hardware Abstraction Layer -> %CommonProgramFiles%\Logitech\khalshared\KHALMNPR.exe ["C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"] -> Logitech Inc. [Ver = 3.1.82 | Size = 94208 bytes | Modified Date = 7/19/2006 12:03:56 PM | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.5 | Size = 413696 bytes | Modified Date = 3/28/2008 11:37:20 PM | Attr =    ]
VTPreset -> %SystemRoot%\system32\VTPreset.exe [VTPreset.exe] -> S3 Graphics, Inc. [Ver = 1.01.00.0102 | Size = 45056 bytes | Modified Date = 2/24/2004 8:17:18 PM | Attr =    ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe] ->  [Ver =  | Size = 16384 bytes | Modified Date = 6/21/2008 3:03:58 AM | Attr =    ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Belkin F5D8053 N Wireless USB Adapter Utility.lnk -> %ProgramFiles%\Belkin\F5D8053\Belkinwcui.exe -> Belkin [Ver = 1, 0, 0, 35 | Size = 1728512 bytes | Modified Date = 7/2/2007 7:45:04 PM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 43.1.5.000 | Size = 241664 bytes | Modified Date = 5/28/2004 10:31:38 PM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Co. [Ver = 043.001.005.000 | Size = 53248 bytes | Modified Date = 5/28/2004 11:06:36 PM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe -> Logitech [Ver = 1.4.19 | Size = 169472 bytes | Modified Date = 6/21/2008 3:04:00 AM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 3.1.116 | Size = 671744 bytes | Modified Date = 9/1/2006 11:01:42 AM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\Photags AutoDetect.lnk -> %ProgramFiles%\PhoTags Express\Photags AutoDetect.exe ->  [Ver = 1, 0, 0, 1 | Size = 368640 bytes | Modified Date = 4/25/2006 7:32:10 AM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk -> %ProgramFiles%\RALINK\Common\RaUI.exe -> Ralink Technology, Corp. [Ver = 2, 0, 2, 0 | Size = 2101248 bytes | Modified Date = 5/15/2007 6:29:20 PM | Attr =    ]
< PATRICIA PRESCOTT Startup Folder > -> C:\Documents and Settings\PATRICIA PRESCOTT\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> %UserProfile%\Desktop\ERUNT\AUTOBACK.EXE ->  [Ver =  | Size = 38912 bytes | Modified Date = 10/20/2005 12:04:08 PM | Attr =    ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 3:23:07 AM | Attr =    ]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 12:56:57 AM | Attr =    ]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr =    ]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 8:34:01 PM | Attr =    ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 12:56:57 AM | Attr =    ]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent ->  -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDevMgrPage -> 0 -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/3/2004 10:59:52 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_RW/DVD_GCC-4480B_______________1.01____\5&2d5130a6&0&0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 7/15/2003 8:01:09 PM | Attr =    ]
< HOSTS File > (0 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> localhost -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6 domain(s) found. -> 
//@mail.mar@ .[msn] -> Local intranet -> 
//@mail.mar@/ .[msn] -> Local intranet -> 
//@signup.mar@ .[msn] -> My Computer -> 
//@signup.mar@/ .[msn] -> My Computer -> 
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 2:48:58 PM | Attr =    ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr =    ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 1:33:52 PM | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =    ]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.14.0.0.366.x86 | Size = 58688 bytes | Modified Date = 10/24/2007 5:51:28 AM | Attr =    ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 12/25/2007 1:42:24 PM | Attr = R  ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 12/25/2007 1:42:24 PM | Attr = R  ]
{719D74AB-1AF9-43a1-8C62-D8750628D93E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Live Search Club Toolbar\Toolbar.dll [Live Search Club Toolbar] ->  [Ver = 1, 2, 1, 2001 | Size = 1908736 bytes | Modified Date = 8/10/2007 3:00:48 AM | Attr =    ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 2:48:58 PM | Attr =    ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 12/25/2007 1:42:24 PM | Attr = R  ]
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 2:48:58 PM | Attr =    ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =    ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 1:33:52 PM | Attr =    ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 1:33:52 PM | Attr =    ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{4C1EC1F6-01A1-49A0-BADB-26173C109C78} ->    (Compact Wireless-G USB Adapter) -> 
{53FA28D8-1325-405A-96A4-BE07D182462E} ->    (Compact Wireless-G USB Adapter) -> 
{5F7E19EC-BCD2-4D04-B860-1C29C510C6B4} ->    (Realtek RTL8139/810x Family Fast Ethernet NIC) -> 
{836E4E01-00BA-47FB-AA34-F66C2634278E} ->    (Belkin F5D8053 N Wireless USB Adapter) -> 
{B342B8D5-F249-4028-AF2B-CE6823480C4A} ->    (Compact Wireless-G USB Network Adapter with SpeedBooster) -> 
{B9AB17F5-9CBA-4796-AA1F-18410679D74D} ->    (Compact Wireless-G USB Adapter) -> 
{DF089B02-E595-4DD1-B3FE-DB6187713F7F} ->    (Belkin F5D8053 N Wireless USB Adapter) -> 
{E415420A-F0F5-494C-ADEC-3F35278944E4} ->    () -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
belarc:{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Belarc\Advisor\System\BAVoilaX.dll[VoilaXctl Class] -> Belarc, Inc. [Ver = 7.2t | Size = 106496 bytes | Modified Date = 6/4/2007 5:41:12 PM | Attr =    ]
cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.5 | Size = 81920 bytes | Modified Date = 5/12/2004 3:18:56 PM | Attr =    ]
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BCC737-B171-4746-94C9-0D8A0B2C0089}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/templates/ieawsdc.cab[Microsoft Office Template and Media Control] -> 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> 
{6B75345B-AA36-438A-BBE6-4078B4C6984D}[HKEY_LOCAL_MACHINE] -> http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab[HpProductDetection Class] -> 
{6F15128C-E66A-490C-B848-5000B5ABEEAC}[HKEY_LOCAL_MACHINE] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab[HP Download Manager] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}[HKEY_LOCAL_MACHINE] -> http://www.adobe.com/products/acrobat/nos/gp.cab[get_atlcom Class] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{FFD85DC8-5261-4D11-B728-F7C59D911691}[HKEY_LOCAL_MACHINE] -> https://secure.iolo.com/app/ocx/UpgradeVerify.ocx[iolo.ProductDetector] -> 
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bejeweled.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bejeweled.ocx\\.Owner -> {615F158E-D5CA-422F-A8E7-F6A5EED7063B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bejeweled.ocx\\{615F158E-D5CA-422F-A8E7-F6A5EED7063B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\\.Owner -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPDEXAXO.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPDEXAXO.dll\\.Owner -> {6F15128C-E66A-490C-B848-5000B5ABEEAC} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPDEXAXO.dll\\{6F15128C-E66A-490C-B848-5000B5ABEEAC} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\\.Owner -> {02BCC737-B171-4746-94C9-0D8A0B2C0089} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\\{02BCC737-B171-4746-94C9-0D8A0B2C0089} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/luxor.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/luxor.ocx\\.Owner -> {A91FB93D-7561-4524-8484-5C27C8FA8D42} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/luxor.ocx\\{A91FB93D-7561-4524-8484-5C27C8FA8D42} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/swapit.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/swapit.ocx\\.Owner -> {AC2881FD-5760-46DB-83AE-20A5C6432A7E} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/swapit.ocx\\{AC2881FD-5760-46DB-83AE-20A5C6432A7E} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UpgradeVerify.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UpgradeVerify.ocx\\.Owner -> {FFD85DC8-5261-4D11-B728-F7C59D911691} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UpgradeVerify.ocx\\{FFD85DC8-5261-4D11-B728-F7C59D911691} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\\.Owner -> {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner -> 



[Files/Folders - Created Within 30 days]
Belkin F5D8053 N Wireless USB Adapter Utility.lnk -> %SystemDrive%\Belkin F5D8053 N Wireless USB Adapter Utility.lnk ->  [Ver =  | Size = 790 bytes | Created Date = 7/30/2008 8:14:50 PM | Attr =    ]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 8/5/2008 2:25:54 AM | Attr =  H ]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 8/12/2008 5:27:48 AM | Attr =    ]
epson -> %SystemDrive%\epson ->  [Folder | Created Date = 8/3/2008 12:03:31 AM | Attr =    ]
Logitech Desktop Messenger.lnk -> %SystemDrive%\Logitech Desktop Messenger.lnk ->  [Ver =  | Size = 1885 bytes | Created Date = 7/30/2008 8:14:50 PM | Attr =    ]
Logitech SetPoint.lnk -> %SystemDrive%\Logitech SetPoint.lnk ->  [Ver =  | Size = 1501 bytes | Created Date = 7/30/2008 8:14:50 PM | Attr =    ]
Photags AutoDetect.lnk -> %SystemDrive%\Photags AutoDetect.lnk ->  [Ver =  | Size = 1711 bytes | Created Date = 7/30/2008 8:14:50 PM | Attr =    ]
Ralink Wireless Utility.lnk -> %SystemDrive%\Ralink Wireless Utility.lnk ->  [Ver =  | Size = 685 bytes | Created Date = 7/30/2008 8:14:50 PM | Attr =    ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 8/11/2008 2:36:00 AM | Attr =    ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 8/11/2008 2:35:59 AM | Attr =    ]
CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak ->  [Folder | Created Date = 8/12/2008 12:36:51 PM | Attr =    ]
Config.MPF -> %SystemRoot%\System32\Config.MPF ->  [Ver =  | Size = 6312 bytes | Created Date = 8/1/2008 12:05:16 AM | Attr =    ]
EBPMON24.DLL -> %SystemRoot%\System32\EBPMON24.DLL -> SEIKO EPSON CORPORATION [Ver = 5, 4, 0, 0 | Size = 79622 bytes | Created Date = 8/3/2008 12:05:58 AM | Attr =    ]
E_SAGSET.DLL -> %SystemRoot%\System32\E_SAGSET.DLL -> SEIKO EPSON CORPORATION [Ver = 1.10 | Size = 98304 bytes | Created Date = 8/3/2008 12:05:58 AM | Attr =    ]
HPZidr12.dll -> %SystemRoot%\System32\HPZidr12.dll -> HP [Ver = 8, 0, 0, 0 | Size = 278584 bytes | Created Date = 8/5/2008 2:28:31 AM | Attr =    ]
HPZinw12.exe -> %SystemRoot%\System32\HPZinw12.exe -> HP [Ver = 8, 0, 0, 0 | Size = 61440 bytes | Created Date = 8/5/2008 2:28:31 AM | Attr =    ]
HPZipm12.exe -> %SystemRoot%\System32\HPZipm12.exe -> HP [Ver = 8, 0, 0, 0 | Size = 65536 bytes | Created Date = 8/5/2008 2:28:31 AM | Attr =    ]
HPZipr12.dll -> %SystemRoot%\System32\HPZipr12.dll -> HP [Ver = 8, 0, 0, 0 | Size = 204800 bytes | Created Date = 8/5/2008 2:28:31 AM | Attr =    ]
HPZipt12.dll -> %SystemRoot%\System32\HPZipt12.dll -> HP [Ver = 8, 0, 0, 0 | Size = 94208 bytes | Created Date = 8/5/2008 2:28:31 AM | Attr =    ]
HPZisn12.dll -> %SystemRoot%\System32\HPZisn12.dll -> HP [Ver = 8, 0, 0, 0 | Size = 57344 bytes | Created Date = 8/5/2008 2:28:31 AM | Attr =    ]
tmp68EDE.FOT -> %SystemRoot%\System32\tmp68EDE.FOT ->  [Ver =  | Size = 1409 bytes | Created Date = 8/12/2008 7:56:15 AM | Attr =    ]
tmp9FDDE.FOT -> %SystemRoot%\System32\tmp9FDDE.FOT ->  [Ver =  | Size = 1409 bytes | Created Date = 8/12/2008 7:56:15 AM | Attr =    ]
tmpE3DDE.FOT -> %SystemRoot%\System32\tmpE3DDE.FOT ->  [Ver =  | Size = 1409 bytes | Created Date = 8/12/2008 7:56:15 AM | Attr =    ]
DisableDrWatson[1].reg -> %SystemRoot%\DisableDrWatson[1].reg ->  [Ver =  | Size = 256 bytes | Created Date = 7/23/2008 2:34:00 PM | Attr =    ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations ->  [Folder | Created Date = 8/5/2008 1:57:35 AM | Attr =    ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 8/12/2008 5:28:24 AM | Attr =    ]
hpoins04.dat -> %SystemRoot%\hpoins04.dat ->  [Ver =  | Size = 104182 bytes | Created Date = 8/6/2008 3:56:23 AM | Attr =    ]
hpomdl04.dat -> %SystemRoot%\hpomdl04.dat ->  [Ver =  | Size = 17176 bytes | Created Date = 8/6/2008 3:56:23 AM | Attr =    ]
hpqins13.dat -> %SystemRoot%\hpqins13.dat ->  [Ver =  | Size = 107370 bytes | Created Date = 8/7/2008 1:45:44 AM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 8/10/2008 5:40:19 AM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 8/10/2008 5:40:19 AM | Attr =  H ]
Sun -> %SystemRoot%\Sun ->  [Folder | Created Date = 7/31/2008 7:03:37 AM | Attr =    ]
WORDPAD.INI -> %SystemRoot%\WORDPAD.INI ->  [Ver =  | Size = 754 bytes | Created Date = 8/13/2008 3:46:20 AM | Attr =    ]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 8/13/2008 12:37:29 PM | Attr =  H ]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 8/12/2008 5:27:48 AM | Attr =    ]
epson -> %SystemDrive%\epson ->  [Folder | Modified Date = 8/3/2008 12:07:03 AM | Attr =    ]
My Download Files -> %SystemDrive%\My Download Files ->  [Folder | Modified Date = 7/30/2008 10:32:49 PM | Attr =    ]
My Games -> %SystemDrive%\My Games ->  [Folder | Modified Date = 8/15/2008 5:38:48 AM | Attr =    ]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 8/14/2008 8:52:43 AM | Attr = R  ]
temp -> %SystemDrive%\temp ->  [Folder | Modified Date = 8/5/2008 2:22:42 AM | Attr =    ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 8/16/2008 2:36:49 PM | Attr =    ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 7/30/2008 8:07:52 PM | Attr =    ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 7/30/2008 8:07:56 PM | Attr =    ]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 8/14/2008 6:32:07 AM | Attr =    ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 8/14/2008 6:32:06 AM | Attr =    ]
CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak ->  [Folder | Modified Date = 8/14/2008 6:32:07 AM | Attr =    ]
config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 7/30/2008 10:32:41 PM | Attr =    ]
Config.MPF -> %SystemRoot%\System32\Config.MPF ->  [Ver =  | Size = 6312 bytes | Modified Date = 8/16/2008 2:41:22 PM | Attr =    ]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat ->  [Ver =  | Size = 664 bytes | Modified Date = 8/13/2008 7:18:03 AM | Attr =    ]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 8/13/2008 12:37:52 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 8/16/2008 2:36:54 PM | Attr =    ]
LogFiles -> %SystemRoot%\System32\LogFiles ->  [Folder | Modified Date = 7/30/2008 10:32:41 PM | Attr =    ]
Macromed -> %SystemRoot%\System32\Macromed ->  [Folder | Modified Date = 7/30/2008 10:46:04 PM | Attr =    ]
mui -> %SystemRoot%\System32\mui ->  [Folder | Modified Date = 7/30/2008 10:32:41 PM | Attr =    ]
NtmsData -> %SystemRoot%\System32\NtmsData ->  [Folder | Modified Date = 8/14/2008 3:58:41 AM | Attr =    ]
oobe -> %SystemRoot%\System32\oobe ->  [Folder | Modified Date = 7/30/2008 10:32:41 PM | Attr =    ]
spool -> %SystemRoot%\System32\spool ->  [Folder | Modified Date = 7/30/2008 10:37:26 PM | Attr =    ]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 2768 bytes | Modified Date = 8/11/2008 2:16:15 AM | Attr =    ]
tmp68EDE.FOT -> %SystemRoot%\System32\tmp68EDE.FOT ->  [Ver =  | Size = 1409 bytes | Modified Date = 8/12/2008 7:56:15 AM | Attr =    ]
tmp9FDDE.FOT -> %SystemRoot%\System32\tmp9FDDE.FOT ->  [Ver =  | Size = 1409 bytes | Modified Date = 8/12/2008 7:56:15 AM | Attr =    ]
tmpE3DDE.FOT -> %SystemRoot%\System32\tmpE3DDE.FOT ->  [Ver =  | Size = 1409 bytes | Modified Date = 8/12/2008 7:56:15 AM | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 8/16/2008 2:37:51 PM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 8/13/2008 12:37:40 PM | Attr =  H ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
8BALL.INI -> %SystemRoot%\8BALL.INI ->  [Ver =  | Size = 974 bytes | Modified Date = 8/14/2008 9:15:01 PM | Attr =    ]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 8/6/2008 4:06:56 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 8/16/2008 2:36:39 PM | Attr =   S]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 8/12/2008 12:36:51 PM | Attr =    ]
DisableDrWatson[1].reg -> %SystemRoot%\DisableDrWatson[1].reg ->  [Ver =  | Size = 256 bytes | Modified Date = 7/23/2008 2:34:00 PM | Attr =    ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations ->  [Folder | Modified Date = 8/5/2008 1:57:35 AM | Attr =    ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 8/12/2008 7:25:21 AM | Attr =   S]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 8/14/2008 11:06:33 PM | Attr =    ]
hpoins04.dat -> %SystemRoot%\hpoins04.dat ->  [Ver =  | Size = 104182 bytes | Modified Date = 8/6/2008 4:16:02 AM | Attr =    ]
hpqins13.dat -> %SystemRoot%\hpqins13.dat ->  [Ver =  | Size = 107370 bytes | Modified Date = 8/7/2008 1:47:54 AM | Attr =    ]
ime -> %SystemRoot%\ime ->  [Folder | Modified Date = 7/30/2008 10:32:42 PM | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 8/13/2008 12:37:45 PM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 8/14/2008 6:32:01 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 8/13/2008 12:37:28 PM | Attr =  HS]
iTouch.ini -> %SystemRoot%\iTouch.ini ->  [Ver =  | Size = 51 bytes | Modified Date = 7/30/2008 5:55:55 PM | Attr =    ]
lexstat.ini -> %SystemRoot%\lexstat.ini ->  [Ver =  | Size = 1071 bytes | Modified Date = 7/26/2008 11:12:04 PM | Attr =    ]
msapps -> %SystemRoot%\msapps ->  [Folder | Modified Date = 7/30/2008 10:32:42 PM | Attr =    ]
PCHealth -> %SystemRoot%\PCHealth ->  [Folder | Modified Date = 7/30/2008 10:32:42 PM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 8/16/2008 3:35:51 PM | Attr =    ]
pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 7/30/2008 10:32:37 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 8/10/2008 5:40:19 AM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 8/13/2008 7:10:55 AM | Attr =  H ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 8/16/2008 2:37:39 PM | Attr =    ]
Sun -> %SystemRoot%\Sun ->  [Folder | Modified Date = 7/31/2008 7:03:37 AM | Attr =    ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 8/13/2008 5:49:15 PM | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 8/14/2008 8:52:43 AM | Attr =   S]
temp -> %SystemRoot%\temp ->  [Folder | Modified Date = 8/16/2008 3:26:03 PM | Attr =    ]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 8/13/2008 5:10:41 AM | Attr =    ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 640 bytes | Modified Date = 8/6/2008 4:08:05 AM | Attr =    ]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 8/7/2008 3:02:08 AM | Attr =    ]
WORDPAD.INI -> %SystemRoot%\WORDPAD.INI ->  [Ver =  | Size = 754 bytes | Modified Date = 8/13/2008 3:46:20 AM | Attr =    ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job ->  [Ver =  | Size = 364 bytes | Modified Date = 8/15/2008 1:31:05 AM | Attr =    ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job ->  [Ver =  | Size = 356 bytes | Modified Date = 8/1/2008 1:00:08 AM | Attr =    ]
RegistrySmart Scheduled Scan.job -> %SystemRoot%\tasks\RegistrySmart Scheduled Scan.job ->  [Ver =  | Size = 450 bytes | Modified Date = 8/16/2008 3:30:00 AM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 8/16/2008 2:36:42 PM | Attr =  H ]
Uniblue SpeedUpMyPC Nag.job -> %SystemRoot%\tasks\Uniblue SpeedUpMyPC Nag.job ->  [Ver =  | Size = 294 bytes | Modified Date = 8/15/2008 9:05:00 PM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help ->  [Folder | Modified Date = 11/26/2007 11:54:23 AM | Attr =    ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 1310 bytes | Modified Date = 11/26/2007 11:54:23 AM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\MSNIA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\MSNIA ->  [Folder | Modified Date = 5/4/2007 5:13:44 AM | Attr =    ]
Settings.Dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\MSNIA\Settings.Dat ->  [Ver =  | Size = 452 bytes | Modified Date = 7/11/2008 5:41:44 AM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 7/16/2003 9:41:06 AM | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 9660 bytes | Modified Date = 8/16/2008 2:38:17 PM | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 9660 bytes | Modified Date = 8/16/2008 2:38:17 PM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data ->  [Folder | Modified Date = 5/4/2007 5:48:07 AM | Attr =    ]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 3804 bytes | Modified Date = 5/11/2007 11:22:10 AM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works ->  [Folder | Modified Date = 7/30/2008 10:32:58 PM | Attr =    ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/17/2008 6:50:06 AM | Attr =    ]
wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat ->  [Ver =  | Size = 419352 bytes | Modified Date = 7/15/2008 9:07:42 AM | Attr =    ]
wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat ->  [Ver =  | Size = 419352 bytes | Modified Date = 7/15/2008 9:07:42 AM | Attr =    ]
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\ -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp ->  [Folder | Modified Date = 8/16/2008 3:25:46 PM | Attr =    ]
rtdrvmon.exe -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\rtdrvmon.exe -> Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 8/16/2008 3:29:22 PM | Attr =    ]
73 C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\binaries\ -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\binaries ->  [Folder | Modified Date = 8/12/2008 2:45:21 PM | Attr =    ]
ScanningProcess.exe -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\binaries\ScanningProcess.exe -> Kaspersky Lab. [Ver = 5, 0, 1, 86 | Size = 139264 bytes | Modified Date = 8/12/2008 2:45:17 PM | Attr =    ]
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\ -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp ->  [Folder | Modified Date = 8/16/2008 3:25:46 PM | Attr =    ]
IadHide4.dll -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\IadHide4.dll -> BackWeb [Ver = Version 6.1.4 (Build 61R) | Size = 24576 bytes | Modified Date = 6/21/2008 3:03:58 AM | Attr =    ]
73 C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\binaries\ -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\binaries ->  [Folder | Modified Date = 8/12/2008 2:45:21 PM | Attr =    ]
FSSync.dll -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\binaries\FSSync.dll -> Kaspersky Lab [Ver = 6.0.5.678 | Size = 38400 bytes | Modified Date = 8/12/2008 2:45:17 PM | Attr =    ]
ikave.dll -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\binaries\ikave.dll ->  [Ver = 5, 0, 1, 83 | Size = 65536 bytes | Modified Date = 8/12/2008 2:45:19 PM | Attr =    ]
kave.dll -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\binaries\kave.dll -> Kaspersky Lab. [Ver = 5, 0, 1, 86 | Size = 282624 bytes | Modified Date = 8/12/2008 2:45:19 PM | Attr =    ]
kosglue-7.0.25.0.dll -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\binaries\kosglue-7.0.25.0.dll -> Kaspersky Lab [Ver = 7.0.25.0 | Size = 729152 bytes | Modified Date = 8/12/2008 2:45:20 PM | Attr =    ]
msvcm80.dll -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\binaries\msvcm80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 479232 bytes | Modified Date = 8/12/2008 2:45:16 PM | Attr =    ]
msvcp80.dll -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\binaries\msvcp80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 548864 bytes | Modified Date = 8/12/2008 2:45:19 PM | Attr =    ]
msvcr80.dll -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\binaries\msvcr80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 626688 bytes | Modified Date = 8/12/2008 2:45:19 PM | Attr =    ]
prLoader.dll -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\binaries\prLoader.dll -> Kaspersky Lab [Ver = 6.0.2.678 | Size = 184320 bytes | Modified Date = 8/12/2008 2:45:20 PM | Attr =    ]
prremote.dll -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\binaries\prremote.dll -> Kaspersky Lab [Ver = 6.0.2.678 | Size = 90112 bytes | Modified Date = 8/12/2008 2:45:20 PM | Attr =    ]
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\TempFolder.aaa\ -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\TempFolder.aaa\ ->  [Folder | Modified Date = 8/12/2008 7:56:12 AM | Attr =    ]
dirapi.dll -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\TempFolder.aaa\dirapi.dll -> Macromedia, Inc. [Ver = 8.5.1r102 | Size = 1097728 bytes | Modified Date = 8/12/2008 7:56:10 AM | Attr =    ]
iml32.dll -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\TempFolder.aaa\iml32.dll -> Macromedia, Inc. [Ver = 8.5.1r102 | Size = 561152 bytes | Modified Date = 8/12/2008 7:56:10 AM | Attr =    ]
msvcrt.dll -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\TempFolder.aaa\msvcrt.dll -> Microsoft Corporation [Ver = 6.00.8337.0 | Size = 266293 bytes | Modified Date = 8/12/2008 7:56:11 AM | Attr =    ]
proj.dll -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\TempFolder.aaa\proj.dll -> Macromedia, Inc. [Ver = 8.5.1r102 | Size = 151552 bytes | Modified Date = 8/12/2008 7:56:10 AM | Attr =    ]
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\engine\bases\ -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\engine\bases ->  [Folder | Modified Date = 8/12/2008 2:52:36 PM | Attr =    ]
sfdb.dat -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\engine\bases\sfdb.dat ->  [Ver =  | Size = 84 bytes | Modified Date = 8/12/2008 2:52:36 PM | Attr =    ]
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\binaries\ -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\binaries ->  [Folder | Modified Date = 8/12/2008 2:45:21 PM | Attr =    ]
_kave.ini -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\binaries\_kave.ini ->  [Ver =  | Size = 102 bytes | Modified Date = 8/12/2008 2:45:18 PM | Attr =    ]
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\engine\bases\ -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\engine\bases ->  [Folder | Modified Date = 8/12/2008 2:52:36 PM | Attr =    ]
verdicts.ini -> C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\engine\bases\verdicts.ini ->  [Ver =  | Size = 4181 bytes | Modified Date = 8/12/2008 2:52:28 PM | Attr =    ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\temp ->  [Folder | Modified Date = 8/16/2008 3:35:23 PM | Attr =    ]
rtdrvmon.exe -> C:\WINDOWS\temp\rtdrvmon.exe -> Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 8/16/2008 2:37:03 PM | Attr =    ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\temp ->  [Folder | Modified Date = 8/16/2008 3:35:23 PM | Attr =    ]
Perflib_Perfdata_92c.dat -> C:\WINDOWS\temp\Perflib_Perfdata_92c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/14/2008 11:11:59 PM | Attr =    ]
Perflib_Perfdata_9a0.dat -> C:\WINDOWS\temp\Perflib_Perfdata_9a0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/14/2008 6:59:33 PM | Attr =    ]
Perflib_Perfdata_9a4.dat -> C:\WINDOWS\temp\Perflib_Perfdata_9a4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/14/2008 10:05:28 PM | Attr =    ]
Perflib_Perfdata_9c4.dat -> C:\WINDOWS\temp\Perflib_Perfdata_9c4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/14/2008 2:25:51 AM | Attr =    ]
Perflib_Perfdata_9e4.dat -> C:\WINDOWS\temp\Perflib_Perfdata_9e4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/14/2008 6:19:15 AM | Attr =    ]
Perflib_Perfdata_a20.dat -> C:\WINDOWS\temp\Perflib_Perfdata_a20.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/13/2008 5:50:13 PM | Attr =    ]
Perflib_Perfdata_a28.dat -> C:\WINDOWS\temp\Perflib_Perfdata_a28.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/16/2008 3:14:10 AM | Attr =    ]
Perflib_Perfdata_a4c.dat -> C:\WINDOWS\temp\Perflib_Perfdata_a4c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/13/2008 10:06:34 AM | Attr =    ]
Perflib_Perfdata_a7c.dat -> C:\WINDOWS\temp\Perflib_Perfdata_a7c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/12/2008 11:51:53 AM | Attr =    ]
Perflib_Perfdata_ac8.dat -> C:\WINDOWS\temp\Perflib_Perfdata_ac8.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/12/2008 1:00:36 PM | Attr =    ]

< End of report >
pjp_1234
Active Member
 
Posts: 12
Joined: August 6th, 2008, 2:59 am

Re: Hijack This log for analysis

Unread postby peku006 » August 17th, 2008, 12:24 am

Hi Patty

Missing drivers for an AGP video card that is installed and for some odd reason now is not found under hardware. It won't permit me to play some newer games and I get an error message "No compatible display devices found."

if you still have this problem ,reinstall your video card .

1 - Run Kaspersky online scanner
Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with

1. the Kaspersky online scanner report
2. a fresh HijackThis log
description of any problems you are having with your PC

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Hijack This log for analysis

Unread postby pjp_1234 » August 18th, 2008, 12:52 pm

Hi again,

No new problems to report. System still locks up and my video card won't reinstall. Here are the logs you requested.

Thanks so much!

Patty :)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, August 18, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, August 16, 2008 21:59:46
Records in database: 1099301
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 186431
Threat name: 4
Infected objects: 4
Suspicious objects: 13
Duration of the scan: 05:22:15


File name / Threat name / Threats count
C:\Documents and Settings\PATRICIA PRESCOTT\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Identities\{E53E8A33-444C-4429-A144-301819F851BC}\Microsoft\Outlook Express\Junk E-Mail.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Identities\{E53E8A33-444C-4429-A144-301819F851BC}\Microsoft\Outlook Express\Sent Messages (1).dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 4
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Microsoft\MSN\db30\Mail (pjp_1234@msn.com)\stm0x300203e.000 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Microsoft\MSN\db30\Mail (pjp_1234@msn.com)\stm0x300205a.000 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Microsoft\MSN\db30\Mail (pjp_1234@msn.com)\stm0x300231d.000 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Microsoft\MSN\db30\Mail (pjp_1234@msn.com)\stm0x30023ba.000 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Microsoft\MSN\db30\Mail (pjp_1234@msn.com)\stm0x30023dd.000 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Microsoft\MSN\db30\Mail (pjp_1234@msn.com)\stm0x30023f0.000 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\My Games\Hidden Wonders of the Depths\HWD.exe Suspicious: Type_Win32 1
C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe Infected: Trojan-Downloader.Win32.Agent.aaza 1
C:\Program Files\Real\RealArcade\GoogleToolbarInstaller.exe Infected: Trojan-Downloader.Win32.Agent.aaza 1
C:\WINDOWS\Installer\321de3a.msi Infected: Trojan-Downloader.Win32.Agent.aaza 1

The selected area was scanned.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:50:36, on 8/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Live Search Club Toolbar - {719D74AB-1AF9-43a1-8C62-D8750628D93E} - C:\Program Files\Live Search Club Toolbar\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Documents and Settings\PATRICIA PRESCOTT\Desktop\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Belkin F5D8053 N Wireless USB Adapter Utility.lnk = C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - https://secure.iolo.com/app/ocx/UpgradeVerify.ocx
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe

--
End of file - 9917 bytes
pjp_1234
Active Member
 
Posts: 12
Joined: August 6th, 2008, 2:59 am

Re: Hijack This log for analysis

Unread postby peku006 » August 18th, 2008, 2:16 pm

Hi
those scans certainly came up clean. I don't believe your issue is Malware related.
this HJT forum is mainly for malware removal help, so if it is hardware or operating system you would get better help in this forum:

PC PitStop

one thing we need to do......

Delete files

    I need you to right click on the start button
    click on explore
    and navegate to and delete these files (if present):


    C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Identities\{E53E8A33-444C-4429-A144-301819F851BC}\Microsoft\Outlook Express\Junk E-Mail.dbx
    C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Microsoft\MSN\db30\Mail (pjp_1234@msn.com)\stm0x300203e.000 S
    C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Microsoft\MSN\db30\Mail (pjp_1234@msn.com)\stm0x300205a.000
    C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Microsoft\MSN\db30\Mail (pjp_1234@msn.com)\stm0x300231d.000
    C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Microsoft\MSN\db30\Mail (pjp_1234@msn.com)\stm0x30023ba.000
    C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Microsoft\MSN\db30\Mail (pjp_1234@msn.com)\stm0x30023dd.000 S
    C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Microsoft\MSN\db30\Mail (pjp_1234@msn.com)\stm0x30023f0.000
    C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe
    C:\Program Files\Real\RealArcade\GoogleToolbarInstaller.exe
    C:\WINDOWS\Installer\321de3a.msi


After that...........
Congratulations, your log looks clean!
:)

Time for some housekeeping

Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Install SpyWare Blaster 4.1
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm
Note:"Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
If this isn't done first, the next reboot may take a VERY LONG TIME.
This is how to do it. First be sure you are signed in as a user with administrative privileges:
Stop and Disable the DNS Client Service
Go to Start, Run and type Services.msc and click OK.
Under the Extended Tab, Scroll down and find this service.
DNS Client
Right-Click on the DNS Client Service. Choose Properties
Select the General tab. Click on the Stop button.
Click the Arrow-down tab on the right-hand side at the Start-up Type box.
From the drop-down menu, click on Manual
Click the Apply tab, then click OK


Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com
Note: If you are running Windows XP SP2, you should upgrade to SP3.

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here how to prevent Malware.

Happy safe surfing! ;)
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Hijack This log for analysis

Unread postby NonSuch » August 21st, 2008, 6:36 am

As the malware issues appear to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 39 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware