http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=33474 File:: C:\WINDOWS\Tasks\RegCure Program Check.job C:\WINDOWS\Tasks\RegCure.job Folder:: C:\Program Files\RegCure C:\Documents and Settings\Robert Masiak\WINDOWS C:\Program Files\rjtneeg C:\Program Files\xkrevvf C:\Program Files\ngurrd C:\Documents and Settings\All Users\Application Data\jkxqfwxc Collect::[4] C:\WINDOWS\system32\agabofu.pif C:\WINDOWS\system32\wujipucih.db C:\WINDOWS\osyde._sy C:\WINDOWS\system32\orycocuq.vbs C:\WINDOWS\qyto.vbs C:\WINDOWS\fani.com C:\Documents and Settings\All Users\Application Data\sizano.pif C:\WINDOWS\pogipadu._sy C:\Program Files\Common Files\vutuca.exe C:\WINDOWS\veko.inf C:\WINDOWS\nirax.sys C:\WINDOWS\wiboxo.bin C:\Documents and Settings\Susan Luling\Application Data\gaka.vbs C:\WINDOWS\system32\cuqimowetu.dat C:\Program Files\Common Files\yxyjeky.com C:\WINDOWS\ajihyg.bat C:\Documents and Settings\Susan Luling\Application Data\fatamurizy.bat C:\Documents and Settings\Susan Luling\Application Data\ruwily.exe C:\Program Files\Common Files\ywiho.bin C:\Documents and Settings\All Users\Application Data\lupoc.scr C:\Documents and Settings\All Users\Application Data\gedamyvin.dll C:\Program Files\Common Files\tavavek.com C:\WINDOWS\Klmamsqo.ini C:\Program Files\Common Files\vuqiz.lib C:\Program Files\Common Files\yxewy._dl C:\WINDOWS\system32\ejixihav.bat C:\Program Files\Common Files\gamig.lib C:\WINDOWS\agowaqoco.dll C:\WINDOWS\yxogohery.sys C:\WINDOWS\lyvyrypiv.scr C:\Documents and Settings\Robert Masiak\Application Data\wklnhst.dat Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SDActiveMonitor"=- Driver:: SDActMon
File:: C:\Documents and Settings\All Users\Application Data\oxycinid.bin C:\Documents and Settings\All Users\Application Data\iqoqac.dat C:\WINDOWS\system32\agikoka.dat C:\WINDOWS\lypuq.ban C:\WINDOWS\ceky.lib C:\WINDOWS\ujyxizurym.inf C:\WINDOWS\system32\obosijejin.dl C:\WINDOWS\system32\cujucyruha._sy C:\WINDOWS\system32\qekywubegi.lib Folder:: C:\Program Files\AskSBar C:\Program Files\SpyZooka Registry:: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"=- [-HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
- Identify Account: This is for user account: JoeSmith
- HijackThis log
- Statement regarding malware symptoms in that account.
- Identify Account: This is for user account: SuziSmith
- HijackThis log
- Statement regarding malware symptoms in that account.
OTScanIt logfile created on: 8/20/2008 11:55:38 PM OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Admin\Desktop\OTScanIt Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 446.42 Mb Total Physical Memory | 207.42 Mb Available Physical Memory | 46.46% Memory free 1.03 Gb Paging File | 0.57 Gb Available in Paging File | 55.78% Paging File free Paging file location(s): C:\pagefile.sys 672 1344; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 70.94 Gb Total Space | 42.33 Gb Free Space | 59.67% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BUDDYBOY Current User Name: Admin Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 8.00.00.16 | Size = 68865 bytes | Modified Date = 6/12/2008 2:46:25 PM | Attr = ] avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 8.00.01.27 | Size = 149761 bytes | Modified Date = 8/15/2008 1:42:24 PM | Attr = ] creativelicensing.exe -> %CommonProgramFiles%\Creative Labs Shared\Service\CreativeLicensing.exe -> Creative Labs [Ver = 2.65.010 | Size = 69632 bytes | Modified Date = 10/13/2006 6:12:30 PM | Attr = ] ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 12:01:00 PM | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9148 | Size = 155715 bytes | Modified Date = 8/23/2006 12:12:44 PM | Attr = ] washersvc.exe -> %ProgramFiles%\Webroot\Washer\WasherSvc.exe -> Webroot Software, Inc. [Ver = 6,5,5,155 | Size = 598856 bytes | Modified Date = 11/26/2007 2:47:40 PM | Attr = ] dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [Ver = | Size = 94208 bytes | Modified Date = 10/5/2005 3:12:00 AM | Attr = ] stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.5143.0 nd491 cp1 | Size = 282624 bytes | Modified Date = 8/15/2006 2:38:14 AM | Attr = ] ctsysvol.exe -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.4.8.0 | Size = 57344 bytes | Modified Date = 10/31/2005 10:51:52 AM | Attr = ] issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr = ] dlactrlw.exe -> %SystemRoot%\system32\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 5:20:00 AM | Attr = ] googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> [Ver = | Size = 169984 bytes | Modified Date = 10/13/2006 6:21:54 PM | Attr = ] googledesktopindex.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopIndex.exe -> [Ver = | Size = 555008 bytes | Modified Date = 10/13/2006 6:21:54 PM | Attr = ] clclean.0001 -> %UserProfile%\Local Settings\temp\clclean.0001 -> Macrovision Europe Ltd. [Ver = 1, 0, 0, 1 | Size = 59964 bytes | Modified Date = 8/20/2008 7:09:24 AM | Attr = ] googledesktopdisplay.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopDisplay.exe -> [Ver = | Size = 415744 bytes | Modified Date = 10/13/2006 6:21:54 PM | Attr = ] avgnt.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 8.00.70.02 | Size = 266497 bytes | Modified Date = 6/12/2008 2:28:45 PM | Attr = ] dsagnt.exe -> %ProgramFiles%\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 2, 1, 3, 173 | Size = 389120 bytes | Modified Date = 7/16/2006 9:29:54 PM | Attr = ] googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/3/2007 9:36:47 AM | Attr = ] nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 5, 3, 0 | Size = 139264 bytes | Modified Date = 11/16/2006 7:04:20 PM | Attr = ] linksysagent.exe -> %ProgramFiles%\Linksys EasyLink Advisor\LinksysAgent.exe -> Linksys, a Division of Cisco Systems, Inc. [Ver = 3, 0, 0, 197 | Size = 454784 bytes | Modified Date = 3/15/2007 7:16:42 PM | Attr = ] nmindexstoresvr.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexStoreSvr.exe -> Nero AG [Ver = 1, 5, 3, 0 | Size = 884736 bytes | Modified Date = 11/16/2006 6:58:32 PM | Attr = ] wwdisp.exe -> %ProgramFiles%\Webroot\Washer\wwDisp.exe -> Webroot Software, Inc. [Ver = 6,5,5,155 | Size = 1206600 bytes | Modified Date = 11/26/2007 2:47:30 PM | Attr = ] dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 2:06:00 AM | Attr = R ] hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2/19/2006 4:21:22 AM | Attr = ] setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech, Inc. [Ver = 4.40.88 | Size = 789008 bytes | Modified Date = 1/9/2008 1:32:08 PM | Attr = ] khalmnpr.exe -> %CommonProgramFiles%\Logishrd\KHAL2\KHALMNPR.exe -> Logitech, Inc. [Ver = 4.40.53 | Size = 55824 bytes | Modified Date = 1/9/2008 1:28:58 PM | Attr = ] hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 239320 bytes | Modified Date = 2/19/2006 5:24:52 AM | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.16: 2008070205 | Size = 7667312 bytes | Modified Date = 7/19/2008 2:25:37 PM | Attr = ] hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 5 | Size = 69632 bytes | Modified Date = 3/3/2006 9:03:10 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (AntiVirScheduler) Avira AntiVir Personal - Free Antivirus Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 8.00.00.16 | Size = 68865 bytes | Modified Date = 6/12/2008 2:46:25 PM | Attr = ] (AntiVirService) Avira AntiVir Personal - Free Antivirus Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 8.00.01.27 | Size = 149761 bytes | Modified Date = 8/15/2008 1:42:24 PM | Attr = ] (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> -> File not found (Creative Labs Licensing Service) Creative Labs Licensing Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Creative Labs Shared\Service\CreativeLicensing.exe -> Creative Labs [Ver = 2.65.010 | Size = 69632 bytes | Modified Date = 10/13/2006 6:12:30 PM | Attr = ] (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 12:01:00 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/31/2007 7:06:49 PM | Attr = ] (HP Port Resolver) HP Port Resolver [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\spool\drivers\w32x86\3\HPBPRO.EXE -> Hewlett-Packard Company [Ver = 1, 0, 50, 0 | Size = 81920 bytes | Modified Date = 5/20/2005 11:37:12 AM | Attr = ] (HP Status Server) HP Status Server [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\spool\drivers\w32x86\3\HPBOID.EXE -> Hewlett-Packard Company [Ver = 1, 0, 46, 0 | Size = 73728 bytes | Modified Date = 10/16/2004 6:31:06 AM | Attr = ] (LBTServ) Logitech Bluetooth Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Logishrd\Bluetooth\LBTServ.exe -> Logitech, Inc. [Ver = 4.40.88 | Size = 121360 bytes | Modified Date = 1/9/2008 1:30:08 PM | Attr = ] (NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 2, 0 | Size = 774144 bytes | Modified Date = 11/10/2006 7:18:02 PM | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9148 | Size = 155715 bytes | Modified Date = 8/23/2006 12:12:44 PM | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 5 | Size = 69632 bytes | Modified Date = 3/3/2006 9:03:10 PM | Attr = ] (WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 3577192 bytes | Modified Date = 7/28/2008 4:43:50 PM | Attr = ] (wwEngineSvc) Window Washer Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Washer\WasherSvc.exe -> Webroot Software, Inc. [Ver = 6,5,5,155 | Size = 598856 bytes | Modified Date = 11/26/2007 2:47:40 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> avgnt -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe ["C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min] -> Avira GmbH [Ver = 8.00.70.02 | Size = 266497 bytes | Modified Date = 6/12/2008 2:28:45 PM | Attr = ] CTSysVol -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe ["C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r] -> Creative Technology Ltd [Ver = 1.4.8.0 | Size = 57344 bytes | Modified Date = 10/31/2005 10:51:52 AM | Attr = ] DLA -> %SystemRoot%\system32\DLA\DLACTRLW.EXE ["C:\WINDOWS\System32\DLA\DLACTRLW.EXE"] -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 5:20:00 AM | Attr = ] DMXLauncher -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe ["C:\Program Files\Dell\Media Experience\DMXLauncher.exe"] -> [Ver = | Size = 94208 bytes | Modified Date = 10/5/2005 3:12:00 AM | Attr = ] Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> [Ver = | Size = 169984 bytes | Modified Date = 10/13/2006 6:21:54 PM | Attr = ] ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr = ] ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr = ] Kernel and Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe ["C:\WINDOWS\KHALMNPR.EXE"] -> Logitech, Inc. [Ver = 4.40.53 | Size = 55824 bytes | Modified Date = 11/29/2007 3:17:20 AM | Attr = ] MBMon -> %SystemRoot%\system32\CTMBHA.DLL ["C:\WINDOWS\system32\rundll32.exe" CTMBHA.DLL,MBMon] -> [Ver = 1.0.1.330 | Size = 1355042 bytes | Modified Date = 6/28/2006 11:12:00 PM | Attr = ] NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe ["C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"] -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 1/12/2006 3:40:44 PM | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll ["C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9148 | Size = 7630848 bytes | Modified Date = 8/23/2006 12:12:40 PM | Attr = ] NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll ["C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9148 | Size = 86016 bytes | Modified Date = 8/23/2006 12:12:42 PM | Attr = ] nwiz -> %SystemRoot%\system32\nwiz.exe ["C:\WINDOWS\system32\nwiz.exe" /install] -> [Ver = | Size = 1617920 bytes | Modified Date = 8/23/2006 12:12:46 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 10/13/2006 6:16:03 PM | Attr = ] SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe ["C:\WINDOWS\stsystra.exe"] -> SigmaTel, Inc. [Ver = 1.0.5143.0 nd491 cp1 | Size = 282624 bytes | Modified Date = 8/15/2006 2:38:14 AM | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 11/14/2006 12:31:10 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"] -> Nero AG [Ver = 1, 5, 3, 0 | Size = 139264 bytes | Modified Date = 11/16/2006 7:04:20 PM | Attr = ] DellSupport -> %ProgramFiles%\Dell Support\DSAgnt.exe ["C:\Program Files\Dell Support\DSAgnt.exe" /startup] -> Gteko Ltd. [Ver = 2, 1, 3, 173 | Size = 389120 bytes | Modified Date = 7/16/2006 9:29:54 PM | Attr = ] EasyLinkAdvisor -> %ProgramFiles%\Linksys EasyLink Advisor\LinksysAgent.exe ["C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup] -> Linksys, a Division of Cisco Systems, Inc. [Ver = 3, 0, 0, 197 | Size = 454784 bytes | Modified Date = 3/15/2007 7:16:42 PM | Attr = ] SetDefaultMIDI -> %SystemRoot%\MIDIDEF.EXE [MIDIDef.exe] -> Creative Technology Ltd [Ver = 2, 9, 0, 4 | Size = 24576 bytes | Modified Date = 12/22/2004 4:40:02 AM | Attr = ] swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/3/2007 9:36:47 AM | Attr = ] updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8] -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R ] Window Washer -> %ProgramFiles%\Webroot\Washer\wwDisp.exe ["C:\Program Files\Webroot\Washer\wwDisp.exe"] -> Webroot Software, Inc. [Ver = 6,5,5,155 | Size = 1206600 bytes | Modified Date = 11/26/2007 2:47:30 PM | Attr = ] < RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> Index Washer -> %ProgramFiles%\Webroot\Washer\WashIdx.exe [C:\Program Files\Webroot\Washer\WashIdx.exe "Admin"] -> Webroot Software, Inc. [Ver = 1.0.1.273 | Size = 55624 bytes | Modified Date = 11/26/2007 2:47:42 PM | Attr = ] < Run [HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\] > -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"] -> Nero AG [Ver = 1, 5, 3, 0 | Size = 139264 bytes | Modified Date = 11/16/2006 7:04:20 PM | Attr = ] DellSupport -> %ProgramFiles%\Dell Support\DSAgnt.exe ["C:\Program Files\Dell Support\DSAgnt.exe" /startup] -> Gteko Ltd. [Ver = 2, 1, 3, 173 | Size = 389120 bytes | Modified Date = 7/16/2006 9:29:54 PM | Attr = ] EasyLinkAdvisor -> %ProgramFiles%\Linksys EasyLink Advisor\LinksysAgent.exe ["C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup] -> Linksys, a Division of Cisco Systems, Inc. [Ver = 3, 0, 0, 197 | Size = 454784 bytes | Modified Date = 3/15/2007 7:16:42 PM | Attr = ] SetDefaultMIDI -> %SystemRoot%\MIDIDEF.EXE [MIDIDef.exe] -> Creative Technology Ltd [Ver = 2, 9, 0, 4 | Size = 24576 bytes | Modified Date = 12/22/2004 4:40:02 AM | Attr = ] swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/3/2007 9:36:47 AM | Attr = ] updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8] -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R ] Window Washer -> %ProgramFiles%\Webroot\Washer\wwDisp.exe ["C:\Program Files\Webroot\Washer\wwDisp.exe"] -> Webroot Software, Inc. [Ver = 6,5,5,155 | Size = 1206600 bytes | Modified Date = 11/26/2007 2:47:30 PM | Attr = ] < RunOnce [HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\] > -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> Index Washer -> %ProgramFiles%\Webroot\Washer\WashIdx.exe [C:\Program Files\Webroot\Washer\WashIdx.exe "Admin"] -> Webroot Software, Inc. [Ver = 1.0.1.273 | Size = 55624 bytes | Modified Date = 11/26/2007 2:47:42 PM | Attr = ] < Admin Startup Folder > -> C:\Documents and Settings\Admin\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 4:06:48 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.1.0.2008042300 | Size = 29696 bytes | Modified Date = 4/23/2008 3:38:16 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Billminder.lnk -> %ProgramFiles%\Quicken\billmind.exe -> Intuit [Ver = 008.000.000.000 | Size = 36864 bytes | Modified Date = 7/30/2002 3:02:26 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 2:06:00 AM | Attr = R ] %AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2/19/2006 4:21:22 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech, Inc. [Ver = 4.40.88 | Size = 789008 bytes | Modified Date = 1/9/2008 1:32:08 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk -> %ProgramFiles%\Quicken\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 53248 bytes | Modified Date = 7/30/2002 3:02:40 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Quicken Startup.lnk -> %ProgramFiles%\Quicken\QWDLLS.EXE -> Intuit [Ver = 001.000.000.000 | Size = 36864 bytes | Modified Date = 7/30/2002 3:02:42 PM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Robert Masiak Startup Folder > -> C:\Documents and Settings\Robert Masiak\Start Menu\Programs\Startup -> < Susan Luling Startup Folder > -> C:\Documents and Settings\Susan Luling\Start Menu\Programs\Startup -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [Ver = | Size = 111616 bytes | Modified Date = 10/13/2006 6:21:54 PM | Attr = ] *MultiFile Done* -> -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 5:23:07 AM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 10:34:01 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007] > -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceClassicControlPanel -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007] > -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceClassicControlPanel -> 1 -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSONY_CDRWDVD_CRX310S____________________VDK2____\3032363038303930303032303930303520202020 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 8/10/2004 1:04:08 PM | Attr = ] < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ -> HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061013 -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061013 -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\] > -> -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\: Main\\Local Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\: Main\\Start Page -> http://www.google.com/ -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> online_musicmatch.com [https] -> Trusted sites -> 2 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\] > -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\] > -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 11:09:22 AM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 11:09:22 AM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\] > -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 11:09:22 AM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> eBay Search -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\] > -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\] > -> HKEY_USERS\S-1-5-21-1250652983-273169350-1701214713-1007\Software\Microsoft\Internet Explorer\MenuExt\ -> eBay Search -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {8237CEDF-3602-438D-9C98-E640943A4B4B} -> (Broadcom 440x 10/100 Integrated Controller) -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> @ivt -> @ivt protocol not assigned -> file -> file protocol not assigned -> ftp -> ftp protocol not assigned -> http -> http protocol not assigned -> https -> https protocol not assigned -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> @ivt -> @ivt protocol not assigned -> file -> file protocol not assigned -> ftp -> ftp protocol not assigned -> http -> http protocol not assigned -> https -> https protocol not assigned -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {493ACF15-5CD9-4474-82A6-91670C3DD66E}[HKEY_LOCAL_MACHINE] -> http://www.linkedin.com/cab/LinkedInContactFinderControl.cab[LinkedIn ContactFinderControl] -> {54BE6B6F-3056-470B-97E1-BB92E051B6C4}[HKEY_LOCAL_MACHINE] -> http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab[DeviceEnum Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7}[HKEY_LOCAL_MACHINE] -> http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab[Reg Error: Key does not exist or could not be opened.] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AnagramLib.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AnagramLib.dll\\.Owner -> {493ACF15-5CD9-4474-82A6-91670C3DD66E} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AnagramLib.dll\\{493ACF15-5CD9-4474-82A6-91670C3DD66E} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fixengine.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fixengine.dll\\.Owner -> {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fixengine.dll\\{9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hpbasicdetection3.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hpbasicdetection3.dll\\.Owner -> {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hpbasicdetection3.dll\\{9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPCommunication.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPCommunication.dll\\.Owner -> {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPCommunication.dll\\{9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPeDiag.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPeDiag.dll\\.Owner -> {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPeDiag.dll\\{9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hpscripting.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hpscripting.dll\\.Owner -> {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hpscripting.dll\\{9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/InternetUtil2.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/InternetUtil2.dll\\.Owner -> {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/InternetUtil2.dll\\{9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LinkedInContactFinderControl.dat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LinkedInContactFinderControl.dat\\.Owner -> {493ACF15-5CD9-4474-82A6-91670C3DD66E} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LinkedInContactFinderControl.dat\\{493ACF15-5CD9-4474-82A6-91670C3DD66E} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LinkedInContactFinderControl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LinkedInContactFinderControl.dll\\.Owner -> {493ACF15-5CD9-4474-82A6-91670C3DD66E} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LinkedInContactFinderControl.dll\\{493ACF15-5CD9-4474-82A6-91670C3DD66E} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rulesengine.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rulesengine.dll\\.Owner -> {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rulesengine.dll\\{9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -> -> [Files/Folders - Created Within 30 days] Boot.bak -> %SystemDrive%\Boot.bak -> [Ver = | Size = 211 bytes | Created Date = 8/11/2008 8:58:00 PM | Attr = ] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Created Date = 8/11/2008 8:57:40 PM | Attr = ] cmldr -> %SystemDrive%\cmldr -> [Ver = | Size = 260272 bytes | Created Date = 8/11/2008 8:57:55 PM | Attr = ] install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Created Date = 8/3/2008 5:54:21 PM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 8/11/2008 7:06:17 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 8/17/2008 9:57:26 AM | Attr = HS] avgntdd.sys -> %SystemRoot%\System32\drivers\avgntdd.sys -> Avira GmbH [Ver = 7.00.00.02 | Size = 45376 bytes | Created Date = 8/2/2008 7:30:54 AM | Attr = ] avgntmgr.sys -> %SystemRoot%\System32\drivers\avgntmgr.sys -> Avira GmbH [Ver = 6.37.01.02 | Size = 22336 bytes | Created Date = 8/2/2008 7:30:54 AM | Attr = ] avipbb.sys -> %SystemRoot%\System32\drivers\avipbb.sys -> Avira GmbH [Ver = 1.00.2.31 | Size = 75072 bytes | Created Date = 8/2/2008 7:30:51 AM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 8/10/2008 4:25:11 PM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 8/10/2008 4:25:10 PM | Attr = ] ssfs0bbc.sys -> %SystemRoot%\System32\drivers\ssfs0bbc.sys -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 29808 bytes | Created Date = 7/28/2008 4:44:00 PM | Attr = ] sshrmd.sys -> %SystemRoot%\System32\drivers\sshrmd.sys -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 23152 bytes | Created Date = 7/28/2008 4:44:02 PM | Attr = ] ssidrv.sys -> %SystemRoot%\System32\drivers\ssidrv.sys -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 166512 bytes | Created Date = 7/28/2008 4:44:02 PM | Attr = ] ssmdrv.sys -> %SystemRoot%\System32\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Created Date = 8/2/2008 7:30:53 AM | Attr = ] SsiEfr.exe -> %SystemRoot%\System32\SsiEfr.exe -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 15208 bytes | Created Date = 7/28/2008 4:43:48 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 8/11/2008 7:06:39 PM | Attr = ] fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 8/11/2008 7:06:15 PM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 8/11/2008 7:06:15 PM | Attr = ] hpntwksetup.ini -> %SystemRoot%\hpntwksetup.ini -> [Ver = | Size = 49 bytes | Created Date = 8/19/2008 12:19:13 AM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.10 | Size = 28672 bytes | Created Date = 8/11/2008 7:06:15 PM | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 8/11/2008 7:06:15 PM | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 8/11/2008 7:06:15 PM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 8/11/2008 7:06:15 PM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 8/11/2008 7:06:15 PM | Attr = ] temp -> %SystemRoot%\temp -> [Folder | Created Date = 8/14/2008 2:51:19 PM | Attr = ] Unwash6.exe -> %SystemRoot%\Unwash6.exe -> Webroot Software, Inc. [Ver = 6.5.0.100 | Size = 194888 bytes | Created Date = 8/5/2008 12:04:13 AM | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 8/11/2008 7:06:15 PM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 8/11/2008 7:06:15 PM | Attr = ] [Files/Folders - Modified Within 30 days] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 281 bytes | Modified Date = 8/11/2008 8:58:00 PM | Attr = RHS] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Modified Date = 8/11/2008 8:58:00 PM | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 8/19/2008 1:18:43 AM | Attr = H ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 8/10/2008 3:48:40 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 468176896 bytes | Modified Date = 8/20/2008 7:07:18 AM | Attr = HS] install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Modified Date = 8/3/2008 11:20:14 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/14/2008 2:40:51 PM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 8/14/2008 2:51:00 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 8/17/2008 9:57:26 AM | Attr = HS] temp -> %SystemDrive%\temp -> [Folder | Modified Date = 8/19/2008 12:18:59 AM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/20/2008 7:10:38 AM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 8/14/2008 2:45:00 PM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 8/14/2008 2:45:00 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 7/30/2008 8:07:52 PM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 7/30/2008 8:07:56 PM | Attr = ] ssfs0bbc.sys -> %SystemRoot%\System32\drivers\ssfs0bbc.sys -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 29808 bytes | Modified Date = 7/28/2008 4:44:00 PM | Attr = ] sshrmd.sys -> %SystemRoot%\System32\drivers\sshrmd.sys -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 23152 bytes | Modified Date = 7/28/2008 4:44:02 PM | Attr = ] ssidrv.sys -> %SystemRoot%\System32\drivers\ssidrv.sys -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 166512 bytes | Modified Date = 7/28/2008 4:44:02 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 7/23/2008 9:51:05 AM | Attr = ] 27 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 8/14/2008 2:50:40 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 8/14/2008 2:43:10 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 8/14/2008 1:34:48 AM | Attr = HS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 8/14/2008 2:51:25 PM | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 81191 bytes | Modified Date = 8/20/2008 7:09:20 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 62426 bytes | Modified Date = 8/2/2008 5:09:56 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 404310 bytes | Modified Date = 8/2/2008 5:09:56 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 473678 bytes | Modified Date = 8/2/2008 5:09:54 PM | Attr = ] SsiEfr.exe -> %SystemRoot%\System32\SsiEfr.exe -> Webroot Software, Inc. (www.webroot.com) [Ver = 4.0.1.298 | Size = 15208 bytes | Modified Date = 7/28/2008 4:43:48 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 8/14/2008 1:34:40 AM | Attr = H ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 8/14/2008 2:41:56 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/20/2008 7:07:21 AM | Attr = S] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 8/11/2008 7:07:28 PM | Attr = S] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 8/14/2008 2:42:42 PM | Attr = ] hpntwksetup.ini -> %SystemRoot%\hpntwksetup.ini -> [Ver = | Size = 49 bytes | Modified Date = 8/19/2008 12:19:13 AM | Attr = ] hpoins11.dat -> %SystemRoot%\hpoins11.dat -> [Ver = | Size = 116458 bytes | Modified Date = 8/19/2008 12:16:18 AM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 8/14/2008 1:34:43 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/14/2008 1:34:49 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/19/2008 1:18:43 AM | Attr = HS] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 8/13/2008 12:56:49 AM | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 8/1/2008 11:12:12 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/20/2008 11:53:56 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 8/9/2008 1:14:33 AM | Attr = H ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 8/14/2008 2:45:27 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 8/14/2008 2:51:26 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 8/12/2008 8:41:25 PM | Attr = S] temp -> %SystemRoot%\temp -> [Folder | Modified Date = 8/20/2008 7:12:46 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/20/2008 7:07:25 AM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 10/19/2006 6:21:26 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5524 bytes | Modified Date = 8/20/2008 7:08:54 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5524 bytes | Modified Date = 8/20/2008 7:08:54 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 12/26/2006 2:27:56 AM | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\data.dat -> [Ver = | Size = 1372 bytes | Modified Date = 12/26/2006 2:27:56 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 1/6/2007 1:00:46 AM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/18/2006 10:03:38 AM | Attr = ] wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 162475 bytes | Modified Date = 11/18/2006 10:12:17 AM | Attr = ] < End of report >
Return to Infected? Virus, malware, adware, ransomware, oh my!
Users browsing this forum: No registered users and 257 guests
Contact us:
Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.
Member site: UNITE Against Malware