Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

help please

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: help please

Unread postby ddopson » November 4th, 2008, 6:25 pm

well that one seems to have worked. I had also rum MBAM again after last night's successes and have attached that log at the end of this one.

Code: Select all
OTScanIt logfile created on: 11/4/2008 5:18:22 PM
OTScanIt by OldTimer - Version 1.0.19.0     Folder = C:\Documents and Settings\dan\Desktop\OTScanIt
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale:  | Country:  | Language:  | Date Format: 
 
501.77 Mb Total Physical Memory | 131.19 Mb Available Physical Memory | 26.15% Memory free
1.20 Gb Paging File | 0.65 Gb Available in Paging File | 54.04% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.64 Gb Total Space | 145.02 Gb Free Space | 63.43% Space Free | Partition Type: NTFS
Drive D: | 4.23 Gb Total Space | 0.99 Gb Free Space | 23.48% Space Free | Partition Type: FAT32
Drive E: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UPSTAIRS
Current User Name: dan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

[Processes - Non-Microsoft Only]
prismxl.sys -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 5/20/2005 5:47:29 AM | Attr =    ]
symlcsvc.exe -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe ->  [Ver =  | Size = 1245064 bytes | Modified Date = 3/21/2008 2:18:34 PM | Attr =    ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9.0.3 | Size = 307712 bytes | Modified Date = 9/25/2008 8:51:54 AM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(Alerter) Alerter [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Running] -> %SystemRoot%\System32\alg.exe -> File not found
(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> File not found
(AudioSrv) Windows Audio [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(BITS) Background Intelligent Transfer Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(Browser) Computer Browser [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(CiSvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\cisvc.exe -> File not found
(ClipSrv) ClipBook [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\clipsrv.exe -> File not found
(CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\ -> File not found
(Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> File not found
(dmserver) Logical Disk Manager [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(Dnscache) DNS Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(Dot3svc) Wired AutoConfig [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(EapHost) Extensible Authentication Protocol Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(ERSvc) Error Reporting Service [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(Eventlog) Event Log [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services.exe -> File not found
(FastUserSwitchingCompatibility) Fast User Switching Compatibility [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> File not found
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(HidServ) Human Interface Device Access [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(hkmsvc) Health Key and Certificate Management Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %systemroot%\system32\imapi.exe -> File not found
(lanmanserver) Server [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(MHN) MHN [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> %systemroot%\system32\msiexec.exe -> File not found
(napagent) Network Access Protection Agent [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(NetDDE) Network DDE [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\netdde.exe -> File not found
(NetDDEdsdm) Network DDE DSDM [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\netdde.exe -> File not found
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass.exe -> File not found
(Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass.exe -> File not found
(NtmsSvc) Removable Storage [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services.exe -> File not found
(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found
(PrismXL) PrismXL [Win32_Own | Auto | Running] -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 5/20/2005 5:47:29 AM | Attr =    ]
(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found
(RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(RemoteRegistry) Remote Registry [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\locator.exe -> File not found
(RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\rsvp.exe -> File not found
(SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found
(SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\SCardSvr.exe -> File not found
(Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(seclogon) Secondary Logon [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(SENS) System Event Notification [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(Spooler) Print Spooler [Win32_Own | Auto | Running] -> %SystemRoot%\system32\spoolsv.exe -> File not found
(srservice) System Restore Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(SSDPSRV) SSDP Discovery Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(stisvc) Windows Image Acquisition (WIA) [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe ->  [Ver =  | Size = 1245064 bytes | Modified Date = 3/21/2008 2:18:34 PM | Attr =    ]
(SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\smlogsvc.exe -> File not found
(TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(TermService) Terminal Services [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\ -> File not found
(Themes) Themes [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(upnphost) Universal Plug and Play Device Host [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\ups.exe -> File not found
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\vssvc.exe -> File not found
(W32Time) Windows Time [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(WebClient) WebClient [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %systemroot%\system32\svchost.exe -> File not found
(WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(Wmi) Windows Management Instrumentation Driver Extensions [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(wscsvc) Security Center [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(WSearch) Windows Search [Win32_Own | Auto | Running] -> %systemroot%\system32\SearchIndexer.exe -> File not found
(wuauserv) Automatic Updates [Win32_Shared | Auto | Running] -> %systemroot%\system32\svchost.exe -> File not found
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(WZCSVC) Wireless Zero Configuration [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\ -> File not found

[Driver Services - Non-Microsoft Only]
(BCMNTIO) BCMNTIO [Kernel | Auto | Running] -> %SystemDrive%\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys ->  [Ver =  | Size = 3744 bytes | Modified Date = 3/5/2004 4:09:00 PM | Attr =    ]
(BRGSp50) BRGSp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\BRGSp50.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.5.18.03 built by: WinDDK | Size = 20608 bytes | Modified Date = 6/8/2005 6:44:20 PM | Attr =    ]
(BVRPMPR5) BVRPMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> E:\INSTAL~E\Core\BVRPMPR5.SYS -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\ComboFix\catchme.sys -> File not found
(MAPMEM) MAPMEM [Kernel | Auto | Running] -> %SystemDrive%\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys ->  [Ver =  | Size = 3904 bytes | Modified Date = 3/5/2004 4:09:02 PM | Attr =    ]
(mraid35x) mraid35x [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 10:52:12 PM | Attr =    ]
(mxnic) Macronix MX987xx Family Fast Ethernet NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\mxnic.sys -> Macronix International Co., Ltd.                                                [Ver = 2.12 (XPClient.010817-1148) | Size = 19968 bytes | Modified Date = 8/17/2001 3:49:32 PM | Attr =    ]
(PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\PalmUSBD.sys -> PalmSource, Inc. [Ver = 6, 0, 1, 0 | Size = 16694 bytes | Modified Date = 5/20/2008 8:24:44 PM | Attr =    ]
(Sparrow) Sparrow [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 11:07:44 PM | Attr =    ]
(SunkFilt) Alcor Micro Corp Reader [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\sunkfilt.sys -> Alcor Micro Corp. [Ver = 2, 0, 5, 0 | Size = 36804 bytes | Modified Date = 11/15/2004 7:41:54 PM | Attr =    ]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\wanatw4.sys -> File not found
(ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\zd1211Bu.sys -> ZyDAS Technology Corporation [Ver = 5, 2, 0, 0 | Size = 330240 bytes | Modified Date = 8/17/2005 2:43:20 PM | Attr =    ]
(ZDPSp50) ZDPSp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\ZDPSp50.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.5.18.02 | Size = 17664 bytes | Modified Date = 10/25/2004 1:40:58 PM | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"] -> File not found
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> File not found
ALUAlert -> %ProgramFiles%\Symantec\LiveUpdate\ALUNOTIFY [C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe] -> File not found
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> File not found
CHotkey -> %SystemRoot%\zHotkey [zHotkey.exe] -> File not found
ehTray -> %SystemRoot%\ehome\ehtray [C:\WINDOWS\ehome\ehtray.exe] -> File not found
High Definition Audio Property Page Shortcut -> %SystemRoot%\system32\Hdaudpropshortcut [HDAudPropShortcut.exe] -> File not found
HotKeysCmds -> %SystemRoot%\system32\hkcmd [C:\WINDOWS\system32\hkcmd.exe] -> File not found
IgfxTray -> %SystemRoot%\system32\igfxtray [C:\WINDOWS\system32\igfxtray.exe] -> File not found
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper ["C:\Program Files\iTunes\iTunesHelper.exe"] -> File not found
McRegWiz -> D:\i386\Apps\App01496\rgw\mcregwiz.exe [D:\i386\Apps\App01496\rgw\mcregwiz.exe /autorun] ->  [Ver =  | Size = 139264 bytes | Modified Date = 11/24/2004 12:12:20 PM | Attr =    ]
osCheck -> %ProgramFiles%\Norton Internet Security\osCheck ["C:\Program Files\Norton Internet Security\osCheck.exe"] -> File not found
QuickTime Task -> %ProgramFiles%\QuickTime\qttask ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> File not found
Recguard -> %SystemRoot%\SMINST\Recguard [%WINDIR%\SMINST\RECGUARD.EXE] -> File not found
Reminder -> %SystemRoot%\creator\remind_xp [%WINDIR%\Creator\Remind_XP.exe] -> File not found
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ ["C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"] -> File not found
ShowWnd -> %SystemRoot%\ShowWnd [ShowWnd.exe] -> File not found
SoundMan -> %SystemRoot%\SOUNDMAN [SOUNDMAN.EXE] -> File not found
SunJavaUpdateSched -> %ProgramFiles%\Java\jre6\bin\jusched ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> File not found
Zune Launcher -> %ProgramFiles%\Zune\ZuneLauncher ["c:\Program Files\Zune\ZuneLauncher.exe"] -> File not found
< Aaron Startup Folder > -> C:\Documents and Settings\Aaron\Start Menu\Programs\Startup -> 
 -> %SystemDrive%\Documents and Settings\Aaron\Start Menu\Programs\Startup\desktop -> File not found
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
 -> %SystemDrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
 -> %AllUsersProfile%\Start Menu\Programs\Startup\desktop -> File not found
< dan Startup Folder > -> C:\Documents and Settings\dan\Start Menu\Programs\Startup -> 
 -> %UserProfile%\Start Menu\Programs\Startup\desktop -> File not found
%UserProfile%\Start Menu\Programs\Startup\Norton Internet Security.lnk -> %CommonProgramFiles%\Symantec Shared\NPC\2.0\uiStub2 -> File not found
< Deanna Startup Folder > -> C:\Documents and Settings\Deanna\Start Menu\Programs\Startup -> 
 -> %SystemDrive%\Documents and Settings\Deanna\Start Menu\Programs\Startup\desktop -> File not found
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
 -> %SystemDrive%\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop -> File not found
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> 
%SystemDrive%\Documents and Settings\Owner\Start Menu\Programs\Startup\America Online 5.0 Tray Icon.lnk -> %SystemDrive%\America Online 5.0\aoltray.exe -> File not found
 -> %SystemDrive%\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop -> File not found
< wat up g-dogg Startup Folder > -> C:\Documents and Settings\wat up g-dogg\Start Menu\Programs\Startup -> 
 -> %SystemDrive%\Documents and Settings\wat up g-dogg\Start Menu\Programs\Startup\desktop -> File not found
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ -> 
Your Image File Name Here without a path -> %SystemRoot%\system32\ntsd [Debugger] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer -> File not found
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit -> File not found
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui -> File not found
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr =    ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011] > -> HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui ->  -> File not found
sclgntfy ->  -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 227 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\InstallVisualStyle -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\InstallTheme -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011] > -> HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> 
HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> 
HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> 
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom [system32\DRIVERS\cdrom.sys] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< Drives with AutoRun files > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC [ NTFS ] -> File not found
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
127.0.0.1       localhost
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\.DEFAULT\: SearchURL\\ -> http://www.google.com/keyword/%s[gogl] -> 
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\S-1-5-18\: SearchURL\\ -> http://www.google.com/keyword/%s[gogl] -> 
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
HKEY_USERS\S-1-5-19\: Main\\Search Bar -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\] > -> -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\] > -> HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\] > -> HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 11/22/2005 12:46:48 PM | Attr =    ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr =    ]
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [Reg Error: Value  does not exist or could not be read.] -> Symantec Corporation [Ver = 2008.2.7.7 | Size = 349552 bytes | Modified Date = 6/30/2008 12:44:04 PM | Attr =    ]
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\IDS\IPSBHO.dll [Symantec Intrusion Prevention] -> Symantec Corporation [Ver = 8.2.0.81 | Size = 116088 bytes | Modified Date = 3/21/2008 2:19:22 PM | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> Sun Microsystems, Inc. [Ver = 6.0.100.33 | Size = 320920 bytes | Modified Date = 11/3/2008 5:27:43 PM | Attr =    ]
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> Sun Microsystems, Inc. [Ver = 6.0.100.33 | Size = 34816 bytes | Modified Date = 11/3/2008 5:27:42 PM | Attr =    ]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> Sun Microsystems, Inc. [Ver = 6.0.100.33 | Size = 73728 bytes | Modified Date = 11/3/2008 5:27:45 PM | Attr =    ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2008.2.7.7 | Size = 349552 bytes | Modified Date = 6/30/2008 12:44:04 PM | Attr =    ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 11/22/2005 12:46:48 PM | Attr =    ]
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs [Messenger] -> File not found
CmdMapping: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Value  does not exist or could not be read.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs [Messenger] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll -> File not found
&Google Search -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found
Backward Links -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found
Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL -> File not found
Similar Pages -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found
Translate into English -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Value  does not exist or could not be read.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs [Messenger] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll -> File not found
&Google Search -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found
Backward Links -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found
Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL -> File not found
Similar Pages -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found
Translate into English -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\] > -> HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{046FBFD1-B44A-438E-B471-54C246F7A434} ->    (Intel(R) PRO/100 VE Network Connection) -> 
{61B34C69-95F2-40CD-B754-84331F46E048} ->    (1394 Net Adapter) -> 
{E7690667-4A5B-4011-9A81-80B98121DADB} ->    ((ZD1211B)IEEE 802.11 b+g USB Adapter) -> 
< Default Protocols [HKEY_CURRENT_USER\] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
@ivt -> @ivt protocol not assigned -> 
file -> file protocol not assigned -> 
ftp -> ftp protocol not assigned -> 
http -> http protocol not assigned -> 
https -> https protocol not assigned -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\] - Select to Repair > -> HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
@ivt -> @ivt protocol not assigned -> 
file -> file protocol not assigned -> 
ftp -> ftp protocol not assigned -> 
http -> http protocol not assigned -> 
https -> https protocol not assigned -> 
shell -> shell protocol not assigned -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{05D44720-58E3-49E6-BDF6-D00330E511D3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab[StagingUI Object] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{1F2F4C9E-6F09-47BC-970D-3C54734667FE}[HKEY_LOCAL_MACHINE] -> http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab[Reg Error: Key does not exist or could not be opened.] -> 
{3BB54395-5982-4788-8AF4-B5388FFDD0D8}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab[ZoneBuddy Class] -> 
{5736C456-EA94-4AAC-BB08-917ABDD035B3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab[ZonePAChat Object] -> 
{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] -> 
{6A344D34-5231-452A-8A57-D064AC9B7862}[HKEY_LOCAL_MACHINE] -> https://webdl.symantec.com/activex/symdlmgr.cab[Symantec Download Manager] -> 
{74C861A1-D548-4916-BC8A-FDE92EDFF62C}[HKEY_LOCAL_MACHINE] -> http://mediaplayer.walmart.com/installer/install.cab[Reg Error: Key does not exist or could not be opened.] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab[ZoneIntro Class] -> 
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> 
{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}[HKEY_LOCAL_MACHINE] -> http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab[Reg Error: Key does not exist or could not be opened.] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/StProxy.cab41227.cab[StadiumProxy Class] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/LSSupCtl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/LSSupCtl.dll\\.Owner -> {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/LSSupCtl.dll\\{1F2F4C9E-6F09-47BC-970D-3C54734667FE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LSSupCtl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LSSupCtl.dll\\.Owner -> {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LSSupCtl.dll\\{1F2F4C9E-6F09-47BC-970D-3C54734667FE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\\.Owner -> {644E432F-49D3-41A1-8DD5-E099162EEEC5} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\\{644E432F-49D3-41A1-8DD5-E099162EEEC5} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StagingUI.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StagingUI.ocx\\.Owner -> {05D44720-58E3-49E6-BDF6-D00330E511D3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StagingUI.ocx\\{05D44720-58E3-49E6-BDF6-D00330E511D3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StProxy.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StProxy.dll\\.Owner -> {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StProxy.dll\\{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SymAData.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SymAData.dll\\.Owner -> {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SymAData.dll\\{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/symdlmgr.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/symdlmgr.dll\\.Owner -> {6A344D34-5231-452A-8A57-D064AC9B7862} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/symdlmgr.dll\\{6A344D34-5231-452A-8A57-D064AC9B7862} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZBuddy.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZBuddy.ocx\\.Owner -> {3BB54395-5982-4788-8AF4-B5388FFDD0D8} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZBuddy.ocx\\{3BB54395-5982-4788-8AF4-B5388FFDD0D8} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPAChat.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPAChat.ocx\\.Owner -> {5736C456-EA94-4AAC-BB08-917ABDD035B3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPAChat.ocx\\{5736C456-EA94-4AAC-BB08-917ABDD035B3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\{6A344D34-5231-452A-8A57-D064AC9B7862} ->  -> 



[Files/Folders - Created Within 60 days]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 11/2/2008 9:00:22 AM | Attr =    ]
Qoobox -> %SystemDrive%\Qoobox ->  [Folder | Created Date = 11/2/2008 9:00:23 AM | Attr =    ]
rsit -> %SystemDrive%\rsit ->  [Folder | Created Date = 10/29/2008 5:01:10 PM | Attr =    ]
bits -> %SystemRoot%\System32\bits ->  [Folder | Created Date = 9/7/2008 12:06:24 PM | Attr =    ]
16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
en -> %SystemRoot%\System32\en ->  [Folder | Created Date = 9/7/2008 12:06:26 PM | Attr =    ]
GroupPolicy -> %SystemRoot%\System32\GroupPolicy ->  [Folder | Created Date = 10/4/2008 7:51:50 PM | Attr =    ]
scripting -> %SystemRoot%\System32\scripting ->  [Folder | Created Date = 9/7/2008 12:06:31 PM | Attr =    ]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ ->  [Folder | Created Date = 9/7/2008 11:46:26 AM | Attr =  H ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 11/2/2008 9:00:23 AM | Attr =    ]
fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 11/2/2008 9:00:37 AM | Attr =    ]
grep.exe -> %SystemRoot%\grep.exe ->  [Ver =  | Size = 80412 bytes | Created Date = 11/2/2008 9:00:37 AM | Attr =    ]
l2schemas -> %SystemRoot%\l2schemas ->  [Folder | Created Date = 9/7/2008 12:06:29 PM | Attr =    ]
NIRCMD.exe -> %SystemRoot%\NIRCMD.exe -> NirSoft [Ver = 2.10 | Size = 28672 bytes | Created Date = 11/2/2008 9:00:37 AM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 9/7/2008 1:11:29 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 9/6/2008 4:06:30 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 9/6/2008 4:06:30 PM | Attr =  H ]
sed.exe -> %SystemRoot%\sed.exe ->  [Ver =  | Size = 98816 bytes | Created Date = 11/2/2008 9:00:37 AM | Attr =    ]
ServicePackFiles -> %SystemRoot%\ServicePackFiles ->  [Folder | Created Date = 9/7/2008 12:00:10 PM | Attr =    ]
SWREG.exe -> %SystemRoot%\SWREG.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 11/2/2008 9:00:37 AM | Attr =    ]
SWSC.exe -> %SystemRoot%\SWSC.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 11/2/2008 9:00:36 AM | Attr =    ]
SWXCACLS.exe -> %SystemRoot%\SWXCACLS.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 11/2/2008 9:00:36 AM | Attr =    ]
VFIND.exe -> %SystemRoot%\VFIND.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 11/2/2008 9:00:37 AM | Attr =    ]
zip.exe -> %SystemRoot%\zip.exe ->  [Ver =  | Size = 68096 bytes | Created Date = 11/2/2008 9:00:37 AM | Attr =    ]

[Files/Folders - Modified Within 60 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 526213120 bytes | Modified Date = 11/2/2008 9:13:35 AM | Attr =  HS]
IPH.PH -> %SystemDrive%\IPH.PH ->  [Ver =  | Size = 1616 bytes | Modified Date = 10/28/2008 11:59:39 AM | Attr =  H ]
ntldr -> %SystemDrive%\ntldr ->  [Ver =  | Size = 250048 bytes | Modified Date = 9/7/2008 11:54:24 AM | Attr = RHS]
16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 274968 bytes | Modified Date = 10/15/2008 2:10:19 AM | Attr =    ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 71426 bytes | Modified Date = 11/2/2008 9:18:43 AM | Attr =    ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 430276 bytes | Modified Date = 11/2/2008 9:18:43 AM | Attr =    ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 510896 bytes | Modified Date = 11/2/2008 9:18:43 AM | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1170 bytes | Modified Date = 11/2/2008 10:05:14 AM | Attr =    ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 11/2/2008 9:13:41 AM | Attr =   S]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 4625 bytes | Modified Date = 10/22/2008 8:38:52 PM | Attr =    ]
msoffice.ini -> %SystemRoot%\msoffice.ini ->  [Ver =  | Size = 4 bytes | Modified Date = 10/4/2008 7:13:29 PM | Attr =    ]
ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 376 bytes | Modified Date = 10/8/2008 4:28:56 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 9/6/2008 4:06:30 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 10/7/2008 6:39:00 PM | Attr =  H ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 243 bytes | Modified Date = 11/2/2008 9:06:37 AM | Attr =    ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 598 bytes | Modified Date = 10/4/2008 7:13:36 PM | Attr =    ]
Norton Internet Security - Run Full System Scan - dan.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - dan.job ->  [Ver =  | Size = 618 bytes | Modified Date = 11/3/2008 8:03:48 PM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 11/2/2008 9:14:22 AM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs ->  [Folder | Modified Date = 11/2/2008 9:14:36 AM | Attr =    ]
eHomeLog-0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-0 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/14/2007 7:00:39 PM | Attr =  H ]
eHomeLog-1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-1 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/14/2007 8:31:54 PM | Attr =  H ]
eHomeLog-10.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-10 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/25/2007 10:25:11 PM | Attr =  H ]
eHomeLog-11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-11 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/25/2007 10:25:57 PM | Attr =  H ]
eHomeLog-12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-12 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/26/2007 8:12:55 PM | Attr =  H ]
eHomeLog-13.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-13 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/26/2007 8:30:38 PM | Attr =  H ]
eHomeLog-14.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-14 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/26/2007 8:30:14 PM | Attr =  H ]
eHomeLog-15.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-15 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/26/2007 10:12:29 PM | Attr =  H ]
eHomeLog-16.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-16 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/27/2007 8:53:31 PM | Attr =  H ]
eHomeLog-17.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-17 ->  [Ver =  | Size = 268 bytes | Modified Date = 9/1/2007 10:11:54 AM | Attr =  H ]
eHomeLog-18.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-18 ->  [Ver =  | Size = 268 bytes | Modified Date = 9/3/2007 8:25:36 AM | Attr =  H ]
eHomeLog-19.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-19 ->  [Ver =  | Size = 268 bytes | Modified Date = 9/3/2007 9:02:12 AM | Attr =  H ]
eHomeLog-2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-2 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/15/2007 9:29:50 PM | Attr =  H ]
eHomeLog-20.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-20 ->  [Ver =  | Size = 268 bytes | Modified Date = 9/3/2007 11:32:53 AM | Attr =  H ]
eHomeLog-21.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-21 ->  [Ver =  | Size = 268 bytes | Modified Date = 9/3/2007 8:34:11 PM | Attr =  H ]
eHomeLog-22.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-22 ->  [Ver =  | Size = 268 bytes | Modified Date = 9/7/2007 3:39:54 PM | Attr =  H ]
eHomeLog-23.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-23 ->  [Ver =  | Size = 268 bytes | Modified Date = 9/7/2007 3:40:22 PM | Attr =  H ]
eHomeLog-24.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-24 ->  [Ver =  | Size = 268 bytes | Modified Date = 9/7/2007 9:32:04 PM | Attr =  H ]
eHomeLog-25.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-25 ->  [Ver =  | Size = 268 bytes | Modified Date = 9/7/2007 9:45:40 PM | Attr =  H ]
eHomeLog-26.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-26 ->  [Ver =  | Size = 268 bytes | Modified Date = 9/8/2007 4:59:07 PM | Attr =  H ]
eHomeLog-27.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-27 ->  [Ver =  | Size = 268 bytes | Modified Date = 9/8/2007 6:05:23 PM | Attr =  H ]
eHomeLog-28.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-28 ->  [Ver =  | Size = 268 bytes | Modified Date = 9/8/2007 7:10:47 PM | Attr =  H ]
eHomeLog-29.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-29 ->  [Ver =  | Size = 268 bytes | Modified Date = 9/9/2007 7:21:05 PM | Attr =  H ]
eHomeLog-3.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-3 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/16/2007 9:26:45 PM | Attr =  H ]
eHomeLog-30.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-30 ->  [Ver =  | Size = 268 bytes | Modified Date = 9/14/2007 6:16:26 PM | Attr =  H ]
eHomeLog-31.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-31 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/1/2007 2:21:26 PM | Attr =  H ]
eHomeLog-32.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-32 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/1/2007 5:50:06 PM | Attr =  H ]
eHomeLog-33.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-33 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/3/2007 4:42:33 PM | Attr =  H ]
eHomeLog-34.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-34 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/6/2007 6:59:32 PM | Attr =  H ]
eHomeLog-35.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-35 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/6/2007 8:02:06 PM | Attr =  H ]
eHomeLog-36.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-36 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/6/2007 8:09:19 PM | Attr =  H ]
eHomeLog-37.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-37 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/8/2007 7:09:35 PM | Attr =  H ]
eHomeLog-38.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-38 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/9/2007 7:16:53 PM | Attr =  H ]
eHomeLog-39.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-39 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/9/2007 9:49:50 PM | Attr =  H ]
eHomeLog-4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-4 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/17/2007 6:21:17 PM | Attr =  H ]
eHomeLog-40.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-40 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/10/2007 3:51:40 PM | Attr =  H ]
eHomeLog-41.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-41 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/10/2007 6:35:09 PM | Attr =  H ]
eHomeLog-42.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-42 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/11/2007 9:18:50 AM | Attr =  H ]
eHomeLog-43.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-43 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/11/2007 8:11:46 PM | Attr =  H ]
eHomeLog-44.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-44 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/12/2007 9:29:27 PM | Attr =  H ]
eHomeLog-45.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-45 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/14/2007 6:03:48 PM | Attr =  H ]
eHomeLog-46.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-46 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/14/2007 6:14:36 PM | Attr =  H ]
eHomeLog-47.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-47 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/14/2007 6:47:18 PM | Attr =  H ]
eHomeLog-5.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-5 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/17/2007 6:22:21 PM | Attr =  H ]
eHomeLog-6.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-6 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/17/2007 10:25:11 PM | Attr =  H ]
eHomeLog-7.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-7 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/19/2007 12:55:23 PM | Attr =  H ]
eHomeLog-8.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-8 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/19/2007 8:52:57 PM | Attr =  H ]
eHomeLog-9.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-9 ->  [Ver =  | Size = 268 bytes | Modified Date = 8/23/2007 5:58:14 PM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help ->  [Folder | Modified Date = 10/6/2005 7:25:29 PM | Attr =    ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg ->  [Ver =  | Size = 9158 bytes | Modified Date = 5/9/2006 7:38:50 PM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 4/13/2005 12:46:35 PM | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0 ->  [Ver =  | Size = 4646 bytes | Modified Date = 10/25/2008 1:23:39 PM | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1 ->  [Ver =  | Size = 4232 bytes | Modified Date = 10/25/2008 1:23:39 PM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 5/11/2006 11:57:20 AM | Attr =    ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11 ->  [Ver =  | Size = 11082 bytes | Modified Date = 5/11/2006 11:57:41 AM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc ->  [Folder | Modified Date = 11/2/2008 9:14:57 AM | Attr =    ]
Perflib_Perfdata_2a8.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_2a8 ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/2/2008 9:14:57 AM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works ->  [Folder | Modified Date = 6/6/2006 3:33:23 PM | Attr =    ]
CalMRU.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\CalMRU ->  [Ver =  | Size = 12 bytes | Modified Date = 5/17/2006 7:47:28 AM | Attr =    ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat ->  [Ver =  | Size = 16384 bytes | Modified Date = 12/4/2005 12:04:20 PM | Attr =    ]
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1 ->  [Ver =  | Size = 171310 bytes | Modified Date = 12/4/2005 12:45:20 PM | Attr =    ]
C:\WINDOWS\Temp\jkos-dan\binaries\ -> C:\WINDOWS\Temp\jkos-dan\binaries ->  [Folder | Modified Date = 11/3/2008 6:59:33 PM | Attr =    ]
ScanningProcess.exe -> C:\WINDOWS\Temp\jkos-dan\binaries\ScanningProcess -> Kaspersky Lab. [Ver = 5, 0, 1, 86 | Size = 139264 bytes | Modified Date = 11/3/2008 6:59:31 PM | Attr =    ]
C:\WINDOWS\Temp\jkos-dan\binaries\ -> C:\WINDOWS\Temp\jkos-dan\binaries ->  [Folder | Modified Date = 11/3/2008 6:59:33 PM | Attr =    ]
FSSync.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\FSSync.dll -> Kaspersky Lab [Ver = 6.0.5.678 | Size = 38400 bytes | Modified Date = 11/3/2008 6:59:30 PM | Attr =    ]
ikave.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\ikave.dll ->  [Ver = 5, 0, 1, 83 | Size = 65536 bytes | Modified Date = 11/3/2008 6:59:31 PM | Attr =    ]
kave.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\kave.dll -> Kaspersky Lab. [Ver = 5, 0, 1, 86 | Size = 282624 bytes | Modified Date = 11/3/2008 6:59:31 PM | Attr =    ]
kosglue-7.0.25.0.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\kosglue-7.0.25.0.dll -> Kaspersky Lab [Ver = 7.0.25.0 | Size = 729152 bytes | Modified Date = 11/3/2008 6:59:32 PM | Attr =    ]
msvcm80.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\msvcm80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 479232 bytes | Modified Date = 11/3/2008 6:59:30 PM | Attr =    ]
msvcp80.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\msvcp80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 548864 bytes | Modified Date = 11/3/2008 6:59:31 PM | Attr =    ]
msvcr80.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\msvcr80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 626688 bytes | Modified Date = 11/3/2008 6:59:31 PM | Attr =    ]
prLoader.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\prLoader.dll -> Kaspersky Lab [Ver = 6.0.2.678 | Size = 184320 bytes | Modified Date = 11/3/2008 6:59:32 PM | Attr =    ]
prremote.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\prremote.dll -> Kaspersky Lab [Ver = 6.0.2.678 | Size = 90112 bytes | Modified Date = 11/3/2008 6:59:32 PM | Attr =    ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 11/4/2008 5:13:57 PM | Attr =    ]
Perflib_Perfdata_158.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_158 ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/2/2008 11:56:16 AM | Attr =    ]
Perflib_Perfdata_584.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_584 ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/3/2008 5:28:14 PM | Attr =    ]
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
C:\WINDOWS\Temp\Cookies\ -> C:\WINDOWS\Temp\Cookies ->  [Folder | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
index.dat -> C:\WINDOWS\Temp\Cookies\index ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/2/2008 9:14:08 AM | Attr =  HS]
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ ->  [Folder | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/2/2008 9:14:08 AM | Attr =  HS]
C:\WINDOWS\Temp\jkos-dan\engine\bases\ -> C:\WINDOWS\Temp\jkos-dan\engine\bases ->  [Folder | Modified Date = 11/3/2008 7:00:06 PM | Attr =    ]
sfdb.dat -> C:\WINDOWS\Temp\jkos-dan\engine\bases\sfdb ->  [Ver =  | Size = 84 bytes | Modified Date = 11/3/2008 7:00:21 PM | Attr =    ]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 11/2/2008 9:14:14 AM | Attr =  HS]
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/2/2008 9:14:08 AM | Attr =  HS]
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ ->  [Folder | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 145 bytes | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
C:\WINDOWS\Temp\jkos-dan\binaries\ -> C:\WINDOWS\Temp\jkos-dan\binaries ->  [Folder | Modified Date = 11/3/2008 6:59:33 PM | Attr =    ]
_kave.ini -> C:\WINDOWS\Temp\jkos-dan\binaries\_kave ->  [Ver =  | Size = 102 bytes | Modified Date = 11/3/2008 6:59:31 PM | Attr =    ]
C:\WINDOWS\Temp\jkos-dan\engine\bases\ -> C:\WINDOWS\Temp\jkos-dan\engine\bases ->  [Folder | Modified Date = 11/3/2008 7:00:06 PM | Attr =    ]
verdicts.ini -> C:\WINDOWS\Temp\jkos-dan\engine\bases\verdicts ->  [Ver =  | Size = 4184 bytes | Modified Date = 11/3/2008 5:44:11 PM | Attr =    ]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 11/2/2008 9:14:14 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop ->  [Ver =  | Size = 67 bytes | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1NE3XW82\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1NE3XW82 ->  [Folder | Modified Date = 11/2/2008 9:14:14 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1NE3XW82\desktop ->  [Ver =  | Size = 67 bytes | Modified Date = 11/2/2008 9:14:14 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\93VH5UB3\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\93VH5UB3 ->  [Folder | Modified Date = 11/2/2008 9:14:14 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\93VH5UB3\desktop ->  [Ver =  | Size = 67 bytes | Modified Date = 11/2/2008 9:14:14 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\AT47096K\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\AT47096K ->  [Folder | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\AT47096K\desktop ->  [Ver =  | Size = 67 bytes | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\BTPEIQ4A\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\BTPEIQ4A ->  [Folder | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\BTPEIQ4A\desktop ->  [Ver =  | Size = 67 bytes | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\JT9LHEIQ\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\JT9LHEIQ ->  [Folder | Modified Date = 11/2/2008 9:14:14 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\JT9LHEIQ\desktop ->  [Ver =  | Size = 67 bytes | Modified Date = 11/2/2008 9:14:14 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\PUGNI0UY\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\PUGNI0UY ->  [Folder | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\PUGNI0UY\desktop ->  [Ver =  | Size = 67 bytes | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\TIM6QC3I\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\TIM6QC3I ->  [Folder | Modified Date = 11/2/2008 9:14:14 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\TIM6QC3I\desktop ->  [Ver =  | Size = 67 bytes | Modified Date = 11/2/2008 9:14:14 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WN27MQYP\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WN27MQYP ->  [Folder | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WN27MQYP\desktop ->  [Ver =  | Size = 67 bytes | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
C:\WINDOWS\Temp\jkos-dan\binaries\ -> C:\WINDOWS\Temp\jkos-dan\binaries ->  [Folder | Modified Date = 11/3/2008 6:59:33 PM | Attr =    ]
ScanningProcess.exe -> C:\WINDOWS\Temp\jkos-dan\binaries\ScanningProcess -> Kaspersky Lab. [Ver = 5, 0, 1, 86 | Size = 139264 bytes | Modified Date = 11/3/2008 6:59:31 PM | Attr =    ]
C:\WINDOWS\Temp\jkos-dan\binaries\ -> C:\WINDOWS\Temp\jkos-dan\binaries ->  [Folder | Modified Date = 11/3/2008 6:59:33 PM | Attr =    ]
FSSync.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\FSSync.dll -> Kaspersky Lab [Ver = 6.0.5.678 | Size = 38400 bytes | Modified Date = 11/3/2008 6:59:30 PM | Attr =    ]
ikave.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\ikave.dll ->  [Ver = 5, 0, 1, 83 | Size = 65536 bytes | Modified Date = 11/3/2008 6:59:31 PM | Attr =    ]
kave.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\kave.dll -> Kaspersky Lab. [Ver = 5, 0, 1, 86 | Size = 282624 bytes | Modified Date = 11/3/2008 6:59:31 PM | Attr =    ]
kosglue-7.0.25.0.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\kosglue-7.0.25.0.dll -> Kaspersky Lab [Ver = 7.0.25.0 | Size = 729152 bytes | Modified Date = 11/3/2008 6:59:32 PM | Attr =    ]
msvcm80.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\msvcm80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 479232 bytes | Modified Date = 11/3/2008 6:59:30 PM | Attr =    ]
msvcp80.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\msvcp80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 548864 bytes | Modified Date = 11/3/2008 6:59:31 PM | Attr =    ]
msvcr80.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\msvcr80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 626688 bytes | Modified Date = 11/3/2008 6:59:31 PM | Attr =    ]
prLoader.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\prLoader.dll -> Kaspersky Lab [Ver = 6.0.2.678 | Size = 184320 bytes | Modified Date = 11/3/2008 6:59:32 PM | Attr =    ]
prremote.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\prremote.dll -> Kaspersky Lab [Ver = 6.0.2.678 | Size = 90112 bytes | Modified Date = 11/3/2008 6:59:32 PM | Attr =    ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 11/4/2008 5:13:57 PM | Attr =    ]
Perflib_Perfdata_158.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_158 ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/2/2008 11:56:16 AM | Attr =    ]
Perflib_Perfdata_584.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_584 ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/3/2008 5:28:14 PM | Attr =    ]
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
C:\WINDOWS\Temp\Cookies\ -> C:\WINDOWS\Temp\Cookies ->  [Folder | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
index.dat -> C:\WINDOWS\Temp\Cookies\index ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/2/2008 9:14:08 AM | Attr =  HS]
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ ->  [Folder | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/2/2008 9:14:08 AM | Attr =  HS]
C:\WINDOWS\Temp\jkos-dan\engine\bases\ -> C:\WINDOWS\Temp\jkos-dan\engine\bases ->  [Folder | Modified Date = 11/3/2008 7:00:06 PM | Attr =    ]
sfdb.dat -> C:\WINDOWS\Temp\jkos-dan\engine\bases\sfdb ->  [Ver =  | Size = 84 bytes | Modified Date = 11/3/2008 7:00:21 PM | Attr =    ]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 11/2/2008 9:14:14 AM | Attr =  HS]
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/2/2008 9:14:08 AM | Attr =  HS]
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ ->  [Folder | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 145 bytes | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
C:\WINDOWS\Temp\jkos-dan\binaries\ -> C:\WINDOWS\Temp\jkos-dan\binaries ->  [Folder | Modified Date = 11/3/2008 6:59:33 PM | Attr =    ]
_kave.ini -> C:\WINDOWS\Temp\jkos-dan\binaries\_kave ->  [Ver =  | Size = 102 bytes | Modified Date = 11/3/2008 6:59:31 PM | Attr =    ]
C:\WINDOWS\Temp\jkos-dan\engine\bases\ -> C:\WINDOWS\Temp\jkos-dan\engine\bases ->  [Folder | Modified Date = 11/3/2008 7:00:06 PM | Attr =    ]
verdicts.ini -> C:\WINDOWS\Temp\jkos-dan\engine\bases\verdicts ->  [Ver =  | Size = 4184 bytes | Modified Date = 11/3/2008 5:44:11 PM | Attr =    ]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 11/2/2008 9:14:14 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop ->  [Ver =  | Size = 67 bytes | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1NE3XW82\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1NE3XW82 ->  [Folder | Modified Date = 11/2/2008 9:14:14 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1NE3XW82\desktop ->  [Ver =  | Size = 67 bytes | Modified Date = 11/2/2008 9:14:14 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\93VH5UB3\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\93VH5UB3 ->  [Folder | Modified Date = 11/2/2008 9:14:14 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\93VH5UB3\desktop ->  [Ver =  | Size = 67 bytes | Modified Date = 11/2/2008 9:14:14 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\AT47096K\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\AT47096K ->  [Folder | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\AT47096K\desktop ->  [Ver =  | Size = 67 bytes | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\BTPEIQ4A\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\BTPEIQ4A ->  [Folder | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\BTPEIQ4A\desktop ->  [Ver =  | Size = 67 bytes | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\JT9LHEIQ\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\JT9LHEIQ ->  [Folder | Modified Date = 11/2/2008 9:14:14 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\JT9LHEIQ\desktop ->  [Ver =  | Size = 67 bytes | Modified Date = 11/2/2008 9:14:14 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\PUGNI0UY\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\PUGNI0UY ->  [Folder | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\PUGNI0UY\desktop ->  [Ver =  | Size = 67 bytes | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\TIM6QC3I\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\TIM6QC3I ->  [Folder | Modified Date = 11/2/2008 9:14:14 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\TIM6QC3I\desktop ->  [Ver =  | Size = 67 bytes | Modified Date = 11/2/2008 9:14:14 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WN27MQYP\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WN27MQYP ->  [Folder | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WN27MQYP\desktop ->  [Ver =  | Size = 67 bytes | Modified Date = 11/2/2008 9:11:36 AM | Attr =  HS]

< End of report >



Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 3

11/4/2008 5:12:15 PM
mbam-log-2008-11-04 (17-12-15).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 187147
Time elapsed: 2 hour(s), 13 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP971\A0164997.dll (Adware.PopCap) -> Quarantined and deleted successfully.
ddopson
Active Member
 
Posts: 12
Joined: October 25th, 2008, 3:48 pm
Advertisement
Register to Remove

Re: help please

Unread postby ktreffin » November 5th, 2008, 8:00 am

I'll try to have the next fix for you some time today. As you can see that OTViewIt log is humongous and is going to take a little bit to get through. Please hang in there.....

Thanks,
Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: help please

Unread postby ktreffin » November 5th, 2008, 2:21 pm

Lets try something:

Open Internet Explorer go to Tools /Internet Options / and choose Reset All Zones to default, close and reopen IE, and run HJT again.

One other thing that I would like for you to check...Norton can actually prevent you from changing your home page:

http://www.solveithere.com/ie7/nortonho ... ction.html

Check this out and see what happens.

After you reset IE back to defaults, let me know if the 015 items in the HijackThis log are still there.
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: help please

Unread postby ddopson » November 5th, 2008, 11:04 pm

no good on either one. I don't have the home page option in Norton Internet Security and no changes will hold in IE. What if I uninstall IE and replace it with a new version?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:59 PM, on 11/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [McRegWiz] D:\i386\Apps\App01496\rgw\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b46479.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZB ... b32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b32846.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/St ... b41227.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 9209 bytes
ddopson
Active Member
 
Posts: 12
Joined: October 25th, 2008, 3:48 pm

Re: help please

Unread postby ktreffin » November 5th, 2008, 11:46 pm

I have one other thing to try. Please do the following:

Step #1: Backup the Windows Registry

  • Download Erunt to your desktop from here
  • Double-click on the file to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt
  • Accept the defaults for running a backup

Erunt will then backup your registry. This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done

*===============================================*

Step #2: Create registry fix

To create the registry fix, please do the following:
  • Copy the contents of the Code Box below to Notepad.
  • Open Notepad by doing the following:
    • Click Start
    • Choose Run
    • in the box that opens type notepad.exe and click OK
    Code: Select all
    REGEDIT4 
    
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
    @="http://"
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
    "ftp"="ftp://"
    "gopher"="gopher://"
    "home"="http://"
    "mosaic"="http://"
    "www"="http://"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
    @=""
    "http"=dword:00000003
    "https"=dword:00000003
    "ftp"=dword:00000003
    "file"=dword:00000003
    "@ivt"=dword:00000001
    "shell"=dword:00000000
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
    @=""
    "http"=dword:00000003
    "https"=dword:00000003
    "ftp"=dword:00000003
    "file"=dword:00000003
    "@ivt"=dword:00000001
    "shell"=dword:00000000
    
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
  • Make sure there are NO blank lines before REGEDIT4
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop

Double-click the fix.reg file and when it prompts to merge say yes.

*===============================================*

Step #3: Things to put in your next reply

Please post the following in your next reply:
  • A New Hijack This Log
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: help please

Unread postby ddopson » November 8th, 2008, 12:47 pm

Fix.reg returned the following message "Cannot import C:\Documents and Settings\Owner\Desktop\fix.reg: Error accessing the registry.

I did remove IE 7, but there really is no change in things. I also read something about issues with SP3, any chance that may be it? I actually tried to remove it, but the system won't let me. In fact, I cannot change settings in any Microsoft programs at all. It is almost like this is a new install (MS Office is showing up under start, programs, but when I tried to open Word, it is asking for name and initials, and outlook wants to install but it can't) and I don't have admin rights...


Here is the HJT anyway:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:06 AM, on 11/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [McRegWiz] D:\i386\Apps\App01496\rgw\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b46479.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZB ... b32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b32846.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/St ... b41227.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 9019 bytes
ddopson
Active Member
 
Posts: 12
Joined: October 25th, 2008, 3:48 pm

Re: help please

Unread postby ddopson » November 9th, 2008, 8:55 pm

I was able to get RSIT to run. I have uninstalled Win XP SP3. That is all that has changed however.

Logfile of random's system information tool 1.04 (written by random/random)
Run by dan at 2008-11-09 19:53:45
Microsoft Windows XP Professional Service Pack 2
System drive C: has 148 GB (63%) free of 234 GB
Total RAM: 502 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:48 PM, on 11/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\dan\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\dan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [McRegWiz] D:\i386\Apps\App01496\rgw\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b46479.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZB ... b32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b32846.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/St ... b41227.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 9743 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - dan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-11-22 399352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-03-21 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 323904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-11-22 399352]
{53E0B6E8-A51D-448B-B692-40B67B285543}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{DE9C389F-3316-41A7-809B-AA305ED9D922}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-10-21 77824]
"ShowWnd"=C:\WINDOWS\ShowWnd.exe [2003-09-19 36864]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-03-09 966656]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"McRegWiz"=D:\i386\Apps\App01496\rgw\mcregwiz.exe [2004-11-24 139264]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-12-01 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-12-01 126976]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-08-12 61952]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"CHotkey"=C:\WINDOWS\zHotkey.exe [2004-05-17 543232]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-06-14 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"osCheck"=C:\Program Files\Norton Internet Security\osCheck.exe [2008-02-07 718704]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-04-29 158624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NoIE4StubProcessing"=C:\WINDOWS\system32\reg.exe [2004-08-10 50176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxsrvc.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-10 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1154793786\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1154793786\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1154793786\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1154793786\ee\aim6.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"
"C:\WINDOWS\LMI16F.tmp\lmi_rescue.exe"="C:\WINDOWS\LMI16F.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-08 17:37:59 ----D---- C:\Program Files\Common Files\ODBC
2008-11-08 17:09:29 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-08 16:15:04 ----D---- C:\Program Files\Support Tools
2008-11-08 15:55:47 ----A---- C:\WINDOWS\system32\simptcp.dll
2008-11-08 14:54:58 ----D---- C:\WINDOWS\Prefetch
2008-11-08 13:48:44 ----D---- C:\Program Files\xerox
2008-11-08 13:48:44 ----D---- C:\Program Files\microsoft frontpage
2008-11-08 11:55:43 ----HDC---- C:\WINDOWS\ie7
2008-11-08 10:38:52 ----D---- C:\Program Files\ERUNT
2008-11-07 16:34:52 ----D---- C:\WINDOWS\temp
2008-11-07 16:34:52 ----A---- C:\ComboFix.txt
2008-11-07 16:30:06 ----D---- C:\ComboFix
2008-11-07 16:27:53 ----SHD---- C:\RECYCLER
2008-11-07 16:26:55 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-07 15:32:15 ----D---- C:\Inetpub
2008-11-03 17:28:06 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-03 17:02:26 ----D---- C:\Documents and Settings\dan\Application Data\Mozilla
2008-11-03 17:02:13 ----D---- C:\Program Files\Mozilla Firefox
2008-11-02 09:11:45 ----A---- C:\log.txt
2008-11-02 09:00:37 ----A---- C:\WINDOWS\zip.exe
2008-11-02 09:00:37 ----A---- C:\WINDOWS\VFIND.exe
2008-11-02 09:00:37 ----A---- C:\WINDOWS\SWREG.exe
2008-11-02 09:00:37 ----A---- C:\WINDOWS\sed.exe
2008-11-02 09:00:37 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-02 09:00:37 ----A---- C:\WINDOWS\grep.exe
2008-11-02 09:00:37 ----A---- C:\WINDOWS\fdsv.exe
2008-11-02 09:00:36 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-02 09:00:36 ----A---- C:\WINDOWS\SWSC.exe
2008-11-02 09:00:23 ----D---- C:\WINDOWS\ERDNT
2008-11-02 09:00:23 ----AD---- C:\Qoobox
2008-10-29 17:01:10 ----D---- C:\rsit
2008-10-28 21:00:54 ----D---- C:\Documents and Settings\dan\Application Data\Malwarebytes
2008-10-28 21:00:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-28 21:00:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-25 15:26:19 ----D---- C:\Program Files\Trend Micro
2008-10-25 13:28:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-15 02:03:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 02:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 02:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 02:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 02:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

======List of files/folders modified in the last 1 months======

2008-11-09 19:43:32 ----D---- C:\WINDOWS\Registration
2008-11-09 19:43:02 ----D---- C:\WINDOWS
2008-11-09 19:42:55 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-09 19:40:22 ----D---- C:\WINDOWS\security
2008-11-09 19:40:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-09 19:40:01 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt
2008-11-09 16:33:58 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-08 18:07:11 ----D---- C:\WINDOWS\system32
2008-11-08 18:04:27 ----D---- C:\WINDOWS\system32\drivers
2008-11-08 17:42:09 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-08 17:40:59 ----HD---- C:\WINDOWS\inf
2008-11-08 17:40:59 ----D---- C:\Program Files\Messenger
2008-11-08 17:40:46 ----DC---- C:\WINDOWS\system32\dllcache
2008-11-08 17:40:34 ----A---- C:\WINDOWS\imsins.BAK
2008-11-08 17:40:00 ----D---- C:\WINDOWS\system32\en-US
2008-11-08 17:40:00 ----D---- C:\Program Files\Internet Explorer
2008-11-08 17:38:37 ----SHD---- C:\WINDOWS\Installer
2008-11-08 17:37:59 ----D---- C:\Program Files\Common Files
2008-11-08 17:37:06 ----D---- C:\WINDOWS\ie7updates
2008-11-08 17:36:54 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-08 17:35:59 ----D---- C:\WINDOWS\WinSxS
2008-11-08 17:35:55 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-08 16:29:20 ----D---- C:\WINDOWS\network diagnostic
2008-11-08 16:18:33 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-08 16:15:11 ----D---- C:\WINDOWS\Help
2008-11-08 16:15:04 ----D---- C:\Program Files
2008-11-08 16:11:49 ----D---- C:\WINDOWS\I386
2008-11-08 15:57:37 ----SHD---- C:\System Volume Information
2008-11-08 15:07:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-08 14:57:27 ----D---- C:\Program Files\Windows Media Player
2008-11-08 14:53:47 ----D---- C:\WINDOWS\system32\wbem
2008-11-08 14:53:47 ----D---- C:\WINDOWS\AppPatch
2008-11-08 14:53:46 ----D---- C:\WINDOWS\system32\Setup
2008-11-08 14:53:39 ----RSD---- C:\WINDOWS\Fonts
2008-11-08 14:49:43 ----RSD---- C:\WINDOWS\assembly
2008-11-08 14:47:03 ----D---- C:\WINDOWS\system32\usmt
2008-11-08 14:46:56 ----D---- C:\WINDOWS\system32\Restore
2008-11-08 14:46:54 ----D---- C:\WINDOWS\system32\oobe
2008-11-08 14:46:52 ----D---- C:\WINDOWS\system32\npp
2008-11-08 14:46:39 ----D---- C:\WINDOWS\system32\Com
2008-11-08 14:44:12 ----D---- C:\WINDOWS\system
2008-11-08 14:44:12 ----D---- C:\WINDOWS\srchasst
2008-11-08 14:44:11 ----D---- C:\WINDOWS\PeerNet
2008-11-08 14:44:09 ----D---- C:\WINDOWS\mui
2008-11-08 14:44:06 ----D---- C:\WINDOWS\msagent
2008-11-08 14:43:53 ----D---- C:\WINDOWS\ime
2008-11-08 14:43:44 ----D---- C:\Program Files\Windows NT
2008-11-08 14:43:44 ----D---- C:\Program Files\Outlook Express
2008-11-08 14:43:42 ----D---- C:\Program Files\NetMeeting
2008-11-08 14:43:38 ----D---- C:\Program Files\Movie Maker
2008-11-08 14:43:26 ----D---- C:\Program Files\Common Files\System
2008-11-08 14:42:51 ----D---- C:\WINDOWS\system32\scripting
2008-11-08 14:42:51 ----D---- C:\WINDOWS\system32\en
2008-11-08 14:42:49 ----D---- C:\WINDOWS\system32\bits
2008-11-08 14:41:50 ----D---- C:\WINDOWS\l2schemas
2008-11-08 14:38:38 ----SD---- C:\WINDOWS\Tasks
2008-11-08 13:25:14 ----D---- C:\Program Files\TaxCut06
2008-11-08 13:20:52 ----A---- C:\WINDOWS\QUICKEN.INI
2008-11-08 13:20:51 ----D---- C:\Program Files\QUICKENW
2008-11-08 13:12:45 ----D---- C:\Program Files\Yahoo!
2008-11-08 13:12:36 ----D---- C:\Program Files\QuickTime
2008-11-08 13:12:34 ----D---- C:\Program Files\palmOne
2008-11-08 13:12:28 ----D---- C:\Program Files\Google
2008-11-08 13:12:24 ----D---- C:\Program Files\Common Files\Real
2008-11-08 13:12:23 ----D---- C:\Program Files\Common Files\AOL
2008-11-08 11:57:19 ----D---- C:\WINDOWS\WBEM
2008-11-08 11:57:00 ----D---- C:\WINDOWS\Media
2008-11-08 10:31:55 ----A---- C:\WINDOWS\ODBC.INI
2008-11-07 16:33:07 ----A---- C:\WINDOWS\system.ini
2008-11-07 16:19:09 ----D---- C:\Documents and Settings
2008-11-04 20:17:11 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-02 09:03:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-28 11:59:32 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-10-27 20:50:38 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-22 19:36:14 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-10 06:13:59 ----D---- C:\Documents and Settings\dan\Application Data\U3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-18 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-18 2560]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 BCMNTIO;BCMNTIO; \??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys []
R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
R2 MAPMEM;MAPMEM; \??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 40704]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-06-17 220032]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-12-01 776637]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-10-27 2297984]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081109.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081109.003\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20081108.003\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-10 42496]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\BRGSp50.sys [2005-06-08 20608]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\E:\INSTAL~E\Core\BVRPMPR5.SYS []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-08-12 113664]
S3 Jukebox3;Jukebox3; C:\WINDOWS\system32\DRIVERS\ctpdusb.sys [2006-01-19 17280]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-10 40320]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2008-05-20 16694]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WUDFRd;WUDFRd; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [2006-09-28 82944]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-08-17 330240]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-09 611664]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2005-05-20 172032]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 61856]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-06-14 323584]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-03-21 1245064]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [2008-01-29 394704]
S3 usnsvc;Messenger Sharing USN Journal Reader service; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-04-29 5065120]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 245664]

-----------------EOF-----------------
ddopson
Active Member
 
Posts: 12
Joined: October 25th, 2008, 3:48 pm

Re: help please

Unread postby ktreffin » November 9th, 2008, 10:38 pm

Great, thanks for the RSIT log. I am sorry for the delay with this. I will look at it and post a new fix for you in the morning.

Thanks,
Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: help please

Unread postby ktreffin » November 10th, 2008, 7:43 pm

Did all of the things that are happening now begin after the SP3 install? It is very possible that the SP3 upgrade may have borked some things. It is not unheard of especially if Anti-Virus programs weren't disabled, etc......

Chances are that the registry fix didn't work because you don't have Admin rights...Is there more than one account on the computer? Is it possible for you to log in under as the Administrator?

I really am not seeing any signs of Malware or any infection that may be causing this. This leads me to believe that somewhere along the way, either by the installation of SP3, or possibly from the malware that was on your system, important files became corrupted along the way...

At this stage, I think it might be a good idea if you were to consider a General Troubleshooting forum which may be able to assist you a little better. I suggest you use one of the following links that may be able to help you...

http://forums.whatthetech.com/forums.html
http://www.techguy.org/
http://www.bleepingcomputer.com/forums/

If you decide to use one of these other forums, please be sure to register there first. Also, please inform the helper that your system has been cleaned at MWR and has been determined to be malware free.

This may be worth a shot, possibly an expert may be able to see what happened, and hopefully get this squared away for you. Let me know what you decide.

Thanks,
Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: help please

Unread postby NonSuch » November 15th, 2008, 4:44 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 19 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware