OTScanIt logfile created on: 11/4/2008 5:18:22 PM OTScanIt by OldTimer - Version 1.0.19.0 Folder = C:\Documents and Settings\dan\Desktop\OTScanIt Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: | Country: | Language: | Date Format: 501.77 Mb Total Physical Memory | 131.19 Mb Available Physical Memory | 26.15% Memory free 1.20 Gb Paging File | 0.65 Gb Available in Paging File | 54.04% Paging File free Paging file location(s): C:\pagefile.sys 756 1512; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 228.64 Gb Total Space | 145.02 Gb Free Space | 63.43% Space Free | Partition Type: NTFS Drive D: | 4.23 Gb Total Space | 0.99 Gb Free Space | 23.48% Space Free | Partition Type: FAT32 Drive E: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: UPSTAIRS Current User Name: dan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Whitelist: On [Processes - Non-Microsoft Only] prismxl.sys -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. 
[Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 5/20/2005 5:47:29 AM | Attr = ] symlcsvc.exe -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 3/21/2008 2:18:34 PM | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9.0.3 | Size = 307712 bytes | Modified Date = 9/25/2008 8:51:54 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (Alerter) Alerter [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found (ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Running] -> %SystemRoot%\System32\alg.exe -> File not found (AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> File not found (AudioSrv) Windows Audio [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found (BITS) Background Intelligent Transfer Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found (Browser) Computer Browser [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found (CiSvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\cisvc.exe -> File not found (ClipSrv) ClipBook [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\clipsrv.exe -> File not found (CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found (DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\ -> File not found (Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> 
%SystemRoot%\System32\dmadmin.exe -> File not found (dmserver) Logical Disk Manager [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found (Dnscache) DNS Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found (Dot3svc) Wired AutoConfig [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found (EapHost) Extensible Authentication Protocol Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found (ERSvc) Error Reporting Service [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found (Eventlog) Event Log [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services.exe -> File not found (FastUserSwitchingCompatibility) Fast User Switching Compatibility [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\svchost.exe -> File not found (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> File not found (helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found (HidServ) Human Interface Device Access [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found (hkmsvc) Health Key and Certificate Management Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found (HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\svchost.exe -> File not found (ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %systemroot%\system32\imapi.exe -> File not found (lanmanserver) Server [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found (lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found (LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | 
Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found (Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found (MHN) MHN [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found (MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> %systemroot%\system32\msiexec.exe -> File not found (napagent) Network Access Protection Agent [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found (NetDDE) Network DDE [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\netdde.exe -> File not found (NetDDEdsdm) Network DDE DSDM [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\netdde.exe -> File not found (Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass.exe -> File not found (Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\svchost.exe -> File not found (Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> File not found (NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass.exe -> File not found (NtmsSvc) Removable Storage [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found (PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services.exe -> File not found (PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found (PrismXL) PrismXL [Win32_Own | Auto | Running] -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. 
[Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 5/20/2005 5:47:29 AM | Attr = ] (ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found (RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> File not found (RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> File not found (RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found (RemoteRegistry) Remote Registry [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found (RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\locator.exe -> File not found (RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\rsvp.exe -> File not found (SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found (SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\SCardSvr.exe -> File not found (Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found (seclogon) Secondary Logon [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found (SENS) System Event Notification [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found (ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found (Spooler) Print Spooler [Win32_Own | Auto | Running] -> %SystemRoot%\system32\spoolsv.exe -> File not found (srservice) System Restore Service [Win32_Shared | 
Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found (SSDPSRV) SSDP Discovery Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found (stisvc) Windows Image Acquisition (WIA) [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found (Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 3/21/2008 2:18:34 PM | Attr = ] (SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\smlogsvc.exe -> File not found (TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\svchost.exe -> File not found (TermService) Terminal Services [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\ -> File not found (Themes) Themes [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found (TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found (upnphost) Universal Plug and Play Device Host [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> File not found (UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\ups.exe -> File not found (VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\vssvc.exe -> File not found (W32Time) Windows Time [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found (WebClient) WebClient [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found (winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %systemroot%\system32\svchost.exe -> File not found (WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found (Wmi) 
Windows Management Instrumentation Driver Extensions [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found (wscsvc) Security Center [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found (WSearch) Windows Search [Win32_Own | Auto | Running] -> %systemroot%\system32\SearchIndexer.exe -> File not found (wuauserv) Automatic Updates [Win32_Shared | Auto | Running] -> %systemroot%\system32\svchost.exe -> File not found (WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found (WZCSVC) Wireless Zero Configuration [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found (xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found (JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\ -> File not found [Driver Services - Non-Microsoft Only] (BCMNTIO) BCMNTIO [Kernel | Auto | Running] -> %SystemDrive%\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys -> [Ver = | Size = 3744 bytes | Modified Date = 3/5/2004 4:09:00 PM | Attr = ] (BRGSp50) BRGSp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\BRGSp50.sys -> Printing Communications Assoc., Inc. 
(PCAUSA) [Ver = 5.5.18.03 built by: WinDDK | Size = 20608 bytes | Modified Date = 6/8/2005 6:44:20 PM | Attr = ] (BVRPMPR5) BVRPMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> E:\INSTAL~E\Core\BVRPMPR5.SYS -> File not found (catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\ComboFix\catchme.sys -> File not found (MAPMEM) MAPMEM [Kernel | Auto | Running] -> %SystemDrive%\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys -> [Ver = | Size = 3904 bytes | Modified Date = 3/5/2004 4:09:02 PM | Attr = ] (mraid35x) mraid35x [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 10:52:12 PM | Attr = ] (mxnic) Macronix MX987xx Family Fast Ethernet NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\mxnic.sys -> Macronix International Co., Ltd. [Ver = 2.12 (XPClient.010817-1148) | Size = 19968 bytes | Modified Date = 8/17/2001 3:49:32 PM | Attr = ] (PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\PalmUSBD.sys -> PalmSource, Inc. [Ver = 6, 0, 1, 0 | Size = 16694 bytes | Modified Date = 5/20/2008 8:24:44 PM | Attr = ] (Sparrow) Sparrow [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 11:07:44 PM | Attr = ] (SunkFilt) Alcor Micro Corp Reader [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\sunkfilt.sys -> Alcor Micro Corp. 
[Ver = 2, 0, 5, 0 | Size = 36804 bytes | Modified Date = 11/15/2004 7:41:54 PM | Attr = ] (wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\wanatw4.sys -> File not found (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\zd1211Bu.sys -> ZyDAS Technology Corporation [Ver = 5, 2, 0, 0 | Size = 330240 bytes | Modified Date = 8/17/2005 2:43:20 PM | Attr = ] (ZDPSp50) ZDPSp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\ZDPSp50.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.5.18.02 | Size = 17664 bytes | Modified Date = 10/25/2004 1:40:58 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"] -> File not found Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> File not found ALUAlert -> %ProgramFiles%\Symantec\LiveUpdate\ALUNOTIFY [C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe] -> File not found ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> File not found CHotkey -> %SystemRoot%\zHotkey [zHotkey.exe] -> File not found ehTray -> %SystemRoot%\ehome\ehtray [C:\WINDOWS\ehome\ehtray.exe] -> File not found High Definition Audio Property Page Shortcut -> %SystemRoot%\system32\Hdaudpropshortcut [HDAudPropShortcut.exe] -> File not found HotKeysCmds -> %SystemRoot%\system32\hkcmd [C:\WINDOWS\system32\hkcmd.exe] -> File not found IgfxTray -> %SystemRoot%\system32\igfxtray [C:\WINDOWS\system32\igfxtray.exe] -> File not found iTunesHelper -> 
%ProgramFiles%\iTunes\iTunesHelper ["C:\Program Files\iTunes\iTunesHelper.exe"] -> File not found McRegWiz -> D:\i386\Apps\App01496\rgw\mcregwiz.exe [D:\i386\Apps\App01496\rgw\mcregwiz.exe /autorun] -> [Ver = | Size = 139264 bytes | Modified Date = 11/24/2004 12:12:20 PM | Attr = ] osCheck -> %ProgramFiles%\Norton Internet Security\osCheck ["C:\Program Files\Norton Internet Security\osCheck.exe"] -> File not found QuickTime Task -> %ProgramFiles%\QuickTime\qttask ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> File not found Recguard -> %SystemRoot%\SMINST\Recguard [%WINDIR%\SMINST\RECGUARD.EXE] -> File not found Reminder -> %SystemRoot%\creator\remind_xp [%WINDIR%\Creator\Remind_XP.exe] -> File not found RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ ["C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"] -> File not found ShowWnd -> %SystemRoot%\ShowWnd [ShowWnd.exe] -> File not found SoundMan -> %SystemRoot%\SOUNDMAN [SOUNDMAN.EXE] -> File not found SunJavaUpdateSched -> %ProgramFiles%\Java\jre6\bin\jusched ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> File not found Zune Launcher -> %ProgramFiles%\Zune\ZuneLauncher ["c:\Program Files\Zune\ZuneLauncher.exe"] -> File not found < Aaron Startup Folder > -> C:\Documents and Settings\Aaron\Start Menu\Programs\Startup -> -> %SystemDrive%\Documents and Settings\Aaron\Start Menu\Programs\Startup\desktop -> File not found < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> -> %SystemDrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop -> File not found < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> -> %AllUsersProfile%\Start Menu\Programs\Startup\desktop -> File not found < dan Startup Folder > -> C:\Documents and Settings\dan\Start Menu\Programs\Startup -> -> %UserProfile%\Start Menu\Programs\Startup\desktop -> File not found %UserProfile%\Start 
Menu\Programs\Startup\Norton Internet Security.lnk -> %CommonProgramFiles%\Symantec Shared\NPC\2.0\uiStub2 -> File not found < Deanna Startup Folder > -> C:\Documents and Settings\Deanna\Start Menu\Programs\Startup -> -> %SystemDrive%\Documents and Settings\Deanna\Start Menu\Programs\Startup\desktop -> File not found < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> -> %SystemDrive%\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop -> File not found < Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> %SystemDrive%\Documents and Settings\Owner\Start Menu\Programs\Startup\America Online 5.0 Tray Icon.lnk -> %SystemDrive%\America Online 5.0\aoltray.exe -> File not found -> %SystemDrive%\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop -> File not found < wat up g-dogg Startup Folder > -> C:\Documents and Settings\wat up g-dogg\Start Menu\Programs\Startup -> -> %SystemDrive%\Documents and Settings\wat up g-dogg\Start Menu\Programs\Startup\desktop -> File not found < IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ -> Your Image File Name Here without a path -> %SystemRoot%\system32\ntsd [Debugger] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer -> File not found *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit -> File not found *MultiFile Done* -> -> *UIHost* -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui -> File not found *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011] > -> HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> -> File not found sclgntfy -> -> File not found < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 227 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\InstallVisualStyle -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\InstallTheme -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011] > -> HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> < CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom [system32\DRIVERS\cdrom.sys] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> < Drives with AutoRun files > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC [ NTFS ] -> File not found < HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost < Internet Explorer Settings 
[HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: SearchURL\\ -> http://www.google.com/keyword/%s[gogl] -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: SearchURL\\ -> http://www.google.com/keyword/%s[gogl] -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\Search Bar -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\] > -> -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\] > -> HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\] > -> HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 11/22/2005 12:46:48 PM | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr = ] {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [Reg Error: Value does not exist or could not be read.] -> Symantec Corporation [Ver = 2008.2.7.7 | Size = 349552 bytes | Modified Date = 6/30/2008 12:44:04 PM | Attr = ] {6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\IDS\IPSBHO.dll [Symantec Intrusion Prevention] -> Symantec Corporation [Ver = 8.2.0.81 | Size = 116088 bytes | Modified Date = 3/21/2008 2:19:22 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> Sun Microsystems, Inc. 
[Ver = 6.0.100.33 | Size = 320920 bytes | Modified Date = 11/3/2008 5:27:43 PM | Attr = ] {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> Sun Microsystems, Inc. [Ver = 6.0.100.33 | Size = 34816 bytes | Modified Date = 11/3/2008 5:27:42 PM | Attr = ] {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> Sun Microsystems, Inc. [Ver = 6.0.100.33 | Size = 73728 bytes | Modified Date = 11/3/2008 5:27:45 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2008.2.7.7 | Size = 349552 bytes | Modified Date = 6/30/2008 12:44:04 PM | Attr = ] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 11/22/2005 12:46:48 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs [Messenger] -> File not found CmdMapping: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs [Messenger] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll -> File not found &Google Search -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found Backward Links -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL -> File not found Similar Pages -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found Translate into English -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value MenuText does not exist or could not be read.] 
-> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs [Messenger] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll -> File not found &Google Search -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found Backward Links -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL -> File not found Similar Pages -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found Translate into English -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\] > -> HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {046FBFD1-B44A-438E-B471-54C246F7A434} -> (Intel(R) PRO/100 VE Network Connection) -> {61B34C69-95F2-40CD-B754-84331F46E048} -> (1394 Net Adapter) -> {E7690667-4A5B-4011-9A81-80B98121DADB} -> ((ZD1211B)IEEE 802.11 b+g USB Adapter) -> < Default Protocols [HKEY_CURRENT_USER\] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> @ivt -> @ivt protocol not assigned -> file 
-> file protocol not assigned -> ftp -> ftp protocol not assigned -> http -> http protocol not assigned -> https -> https protocol not assigned -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\] - Select to Repair > -> HKEY_USERS\S-1-5-21-981979542-2029058817-806765301-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> @ivt -> @ivt protocol not assigned -> file -> file protocol not assigned -> ftp -> ftp protocol not assigned -> http -> http protocol not assigned -> https -> https protocol not assigned -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {05D44720-58E3-49E6-BDF6-D00330E511D3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab[StagingUI Object] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {1F2F4C9E-6F09-47BC-970D-3C54734667FE}[HKEY_LOCAL_MACHINE] -> http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab[Reg Error: Key does not exist or could not be opened.] 
-> {3BB54395-5982-4788-8AF4-B5388FFDD0D8}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab[ZoneBuddy Class] -> {5736C456-EA94-4AAC-BB08-917ABDD035B3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab[ZonePAChat Object] -> {644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] -> {6A344D34-5231-452A-8A57-D064AC9B7862}[HKEY_LOCAL_MACHINE] -> https://webdl.symantec.com/activex/symdlmgr.cab[Symantec Download Manager] -> {74C861A1-D548-4916-BC8A-FDE92EDFF62C}[HKEY_LOCAL_MACHINE] -> http://mediaplayer.walmart.com/installer/install.cab[Reg Error: Key does not exist or could not be opened.] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab[ZoneIntro Class] -> {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}[HKEY_LOCAL_MACHINE] -> http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab[Reg Error: Key does not exist or could not be opened.] 
-> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/StProxy.cab41227.cab[StadiumProxy Class] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/LSSupCtl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/LSSupCtl.dll\\.Owner -> {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/LSSupCtl.dll\\{1F2F4C9E-6F09-47BC-970D-3C54734667FE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LSSupCtl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LSSupCtl.dll\\.Owner -> {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LSSupCtl.dll\\{1F2F4C9E-6F09-47BC-970D-3C54734667FE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\\.Owner -> {644E432F-49D3-41A1-8DD5-E099162EEEC5} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\\{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StagingUI.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StagingUI.ocx\\.Owner -> {05D44720-58E3-49E6-BDF6-D00330E511D3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StagingUI.ocx\\{05D44720-58E3-49E6-BDF6-D00330E511D3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StProxy.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StProxy.dll\\.Owner -> {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StProxy.dll\\{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SymAData.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SymAData.dll\\.Owner -> {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SymAData.dll\\{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/symdlmgr.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/symdlmgr.dll\\.Owner -> {6A344D34-5231-452A-8A57-D064AC9B7862} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/symdlmgr.dll\\{6A344D34-5231-452A-8A57-D064AC9B7862} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program 
Files/ZBuddy.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZBuddy.ocx\\.Owner -> {3BB54395-5982-4788-8AF4-B5388FFDD0D8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZBuddy.ocx\\{3BB54395-5982-4788-8AF4-B5388FFDD0D8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPAChat.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPAChat.ocx\\.Owner -> {5736C456-EA94-4AAC-BB08-917ABDD035B3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPAChat.ocx\\{5736C456-EA94-4AAC-BB08-917ABDD035B3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\{6A344D34-5231-452A-8A57-D064AC9B7862} -> -> [Files/Folders - Created Within 60 days] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 11/2/2008 9:00:22 AM | Attr = ] Qoobox -> %SystemDrive%\Qoobox -> [Folder | Created Date = 11/2/2008 9:00:23 AM | Attr = ] rsit -> %SystemDrive%\rsit -> [Folder | Created Date = 10/29/2008 5:01:10 PM | 
Attr = ] bits -> %SystemRoot%\System32\bits -> [Folder | Created Date = 9/7/2008 12:06:24 PM | Attr = ] 16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> en -> %SystemRoot%\System32\en -> [Folder | Created Date = 9/7/2008 12:06:26 PM | Attr = ] GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Created Date = 10/4/2008 7:51:50 PM | Attr = ] scripting -> %SystemRoot%\System32\scripting -> [Folder | Created Date = 9/7/2008 12:06:31 PM | Attr = ] $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Created Date = 9/7/2008 11:46:26 AM | Attr = H ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 11/2/2008 9:00:23 AM | Attr = ] fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 11/2/2008 9:00:37 AM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 11/2/2008 9:00:37 AM | Attr = ] l2schemas -> %SystemRoot%\l2schemas -> [Folder | Created Date = 9/7/2008 12:06:29 PM | Attr = ] NIRCMD.exe -> %SystemRoot%\NIRCMD.exe -> NirSoft [Ver = 2.10 | Size = 28672 bytes | Created Date = 11/2/2008 9:00:37 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 9/7/2008 1:11:29 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 9/6/2008 4:06:30 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 9/6/2008 4:06:30 PM | Attr = H ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 11/2/2008 9:00:37 AM | Attr = ] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Created Date = 9/7/2008 12:00:10 PM | Attr = ] SWREG.exe -> %SystemRoot%\SWREG.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 11/2/2008 9:00:37 AM | Attr = ] SWSC.exe -> %SystemRoot%\SWSC.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | 
Created Date = 11/2/2008 9:00:36 AM | Attr = ] SWXCACLS.exe -> %SystemRoot%\SWXCACLS.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 11/2/2008 9:00:36 AM | Attr = ] VFIND.exe -> %SystemRoot%\VFIND.exe -> [Ver = | Size = 49152 bytes | Created Date = 11/2/2008 9:00:37 AM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 11/2/2008 9:00:37 AM | Attr = ] [Files/Folders - Modified Within 60 days] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 526213120 bytes | Modified Date = 11/2/2008 9:13:35 AM | Attr = HS] IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 1616 bytes | Modified Date = 10/28/2008 11:59:39 AM | Attr = H ] ntldr -> %SystemDrive%\ntldr -> [Ver = | Size = 250048 bytes | Modified Date = 9/7/2008 11:54:24 AM | Attr = RHS] 16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 274968 bytes | Modified Date = 10/15/2008 2:10:19 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 71426 bytes | Modified Date = 11/2/2008 9:18:43 AM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 430276 bytes | Modified Date = 11/2/2008 9:18:43 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 510896 bytes | Modified Date = 11/2/2008 9:18:43 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1170 bytes | Modified Date = 11/2/2008 10:05:14 AM | Attr = ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 11/2/2008 9:13:41 AM | Attr = S] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 4625 bytes | Modified Date = 10/22/2008 8:38:52 PM | Attr = ] msoffice.ini -> %SystemRoot%\msoffice.ini -> [Ver = | Size = 4 bytes | Modified Date = 10/4/2008 7:13:29 PM | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> 
[Ver = | Size = 376 bytes | Modified Date = 10/8/2008 4:28:56 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 9/6/2008 4:06:30 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 10/7/2008 6:39:00 PM | Attr = H ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 243 bytes | Modified Date = 11/2/2008 9:06:37 AM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 598 bytes | Modified Date = 10/4/2008 7:13:36 PM | Attr = ] Norton Internet Security - Run Full System Scan - dan.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - dan.job -> [Ver = | Size = 618 bytes | Modified Date = 11/3/2008 8:03:48 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 11/2/2008 9:14:22 AM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs -> [Folder | Modified Date = 11/2/2008 9:14:36 AM | Attr = ] eHomeLog-0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-0 -> [Ver = | Size = 268 bytes | Modified Date = 8/14/2007 7:00:39 PM | Attr = H ] eHomeLog-1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-1 -> [Ver = | Size = 268 bytes | Modified Date = 8/14/2007 8:31:54 PM | Attr = H ] eHomeLog-10.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-10 -> [Ver = | Size = 268 bytes | Modified Date = 8/25/2007 10:25:11 PM | Attr = H ] eHomeLog-11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-11 -> [Ver = | Size = 268 bytes | Modified Date = 8/25/2007 10:25:57 PM | Attr = H ] eHomeLog-12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-12 -> [Ver = | Size = 268 bytes | Modified Date = 8/26/2007 8:12:55 
PM | Attr = H ] eHomeLog-13.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-13 -> [Ver = | Size = 268 bytes | Modified Date = 8/26/2007 8:30:38 PM | Attr = H ] eHomeLog-14.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-14 -> [Ver = | Size = 268 bytes | Modified Date = 8/26/2007 8:30:14 PM | Attr = H ] eHomeLog-15.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-15 -> [Ver = | Size = 268 bytes | Modified Date = 8/26/2007 10:12:29 PM | Attr = H ] eHomeLog-16.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-16 -> [Ver = | Size = 268 bytes | Modified Date = 8/27/2007 8:53:31 PM | Attr = H ] eHomeLog-17.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-17 -> [Ver = | Size = 268 bytes | Modified Date = 9/1/2007 10:11:54 AM | Attr = H ] eHomeLog-18.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-18 -> [Ver = | Size = 268 bytes | Modified Date = 9/3/2007 8:25:36 AM | Attr = H ] eHomeLog-19.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-19 -> [Ver = | Size = 268 bytes | Modified Date = 9/3/2007 9:02:12 AM | Attr = H ] eHomeLog-2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-2 -> [Ver = | Size = 268 bytes | Modified Date = 8/15/2007 9:29:50 PM | Attr = H ] eHomeLog-20.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-20 -> [Ver = | Size = 268 bytes | Modified Date = 9/3/2007 11:32:53 AM | Attr = H ] eHomeLog-21.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-21 -> [Ver = | Size = 268 bytes | Modified Date = 9/3/2007 8:34:11 PM | Attr = H ] eHomeLog-22.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-22 -> [Ver = | Size = 268 
bytes | Modified Date = 9/7/2007 3:39:54 PM | Attr = H ] eHomeLog-23.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-23 -> [Ver = | Size = 268 bytes | Modified Date = 9/7/2007 3:40:22 PM | Attr = H ] eHomeLog-24.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-24 -> [Ver = | Size = 268 bytes | Modified Date = 9/7/2007 9:32:04 PM | Attr = H ] eHomeLog-25.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-25 -> [Ver = | Size = 268 bytes | Modified Date = 9/7/2007 9:45:40 PM | Attr = H ] eHomeLog-26.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-26 -> [Ver = | Size = 268 bytes | Modified Date = 9/8/2007 4:59:07 PM | Attr = H ] eHomeLog-27.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-27 -> [Ver = | Size = 268 bytes | Modified Date = 9/8/2007 6:05:23 PM | Attr = H ] eHomeLog-28.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-28 -> [Ver = | Size = 268 bytes | Modified Date = 9/8/2007 7:10:47 PM | Attr = H ] eHomeLog-29.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-29 -> [Ver = | Size = 268 bytes | Modified Date = 9/9/2007 7:21:05 PM | Attr = H ] eHomeLog-3.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-3 -> [Ver = | Size = 268 bytes | Modified Date = 8/16/2007 9:26:45 PM | Attr = H ] eHomeLog-30.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-30 -> [Ver = | Size = 268 bytes | Modified Date = 9/14/2007 6:16:26 PM | Attr = H ] eHomeLog-31.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-31 -> [Ver = | Size = 268 bytes | Modified Date = 8/1/2007 2:21:26 PM | Attr = H ] eHomeLog-32.dat -> C:\Documents and Settings\All Users\Application 
Data\Microsoft\eHome\logs\eHomeLog-32 -> [Ver = | Size = 268 bytes | Modified Date = 8/1/2007 5:50:06 PM | Attr = H ] eHomeLog-33.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-33 -> [Ver = | Size = 268 bytes | Modified Date = 8/3/2007 4:42:33 PM | Attr = H ] eHomeLog-34.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-34 -> [Ver = | Size = 268 bytes | Modified Date = 8/6/2007 6:59:32 PM | Attr = H ] eHomeLog-35.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-35 -> [Ver = | Size = 268 bytes | Modified Date = 8/6/2007 8:02:06 PM | Attr = H ] eHomeLog-36.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-36 -> [Ver = | Size = 268 bytes | Modified Date = 8/6/2007 8:09:19 PM | Attr = H ] eHomeLog-37.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-37 -> [Ver = | Size = 268 bytes | Modified Date = 8/8/2007 7:09:35 PM | Attr = H ] eHomeLog-38.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-38 -> [Ver = | Size = 268 bytes | Modified Date = 8/9/2007 7:16:53 PM | Attr = H ] eHomeLog-39.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-39 -> [Ver = | Size = 268 bytes | Modified Date = 8/9/2007 9:49:50 PM | Attr = H ] eHomeLog-4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-4 -> [Ver = | Size = 268 bytes | Modified Date = 8/17/2007 6:21:17 PM | Attr = H ] eHomeLog-40.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-40 -> [Ver = | Size = 268 bytes | Modified Date = 8/10/2007 3:51:40 PM | Attr = H ] eHomeLog-41.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-41 -> [Ver = | Size = 268 bytes | Modified Date = 8/10/2007 6:35:09 PM | Attr = H ] eHomeLog-42.dat -> 
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-42 -> [Ver = | Size = 268 bytes | Modified Date = 8/11/2007 9:18:50 AM | Attr = H ] eHomeLog-43.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-43 -> [Ver = | Size = 268 bytes | Modified Date = 8/11/2007 8:11:46 PM | Attr = H ] eHomeLog-44.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-44 -> [Ver = | Size = 268 bytes | Modified Date = 8/12/2007 9:29:27 PM | Attr = H ] eHomeLog-45.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-45 -> [Ver = | Size = 268 bytes | Modified Date = 8/14/2007 6:03:48 PM | Attr = H ] eHomeLog-46.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-46 -> [Ver = | Size = 268 bytes | Modified Date = 8/14/2007 6:14:36 PM | Attr = H ] eHomeLog-47.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-47 -> [Ver = | Size = 268 bytes | Modified Date = 8/14/2007 6:47:18 PM | Attr = H ] eHomeLog-5.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-5 -> [Ver = | Size = 268 bytes | Modified Date = 8/17/2007 6:22:21 PM | Attr = H ] eHomeLog-6.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-6 -> [Ver = | Size = 268 bytes | Modified Date = 8/17/2007 10:25:11 PM | Attr = H ] eHomeLog-7.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-7 -> [Ver = | Size = 268 bytes | Modified Date = 8/19/2007 12:55:23 PM | Attr = H ] eHomeLog-8.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-8 -> [Ver = | Size = 268 bytes | Modified Date = 8/19/2007 8:52:57 PM | Attr = H ] eHomeLog-9.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-9 -> [Ver = | Size = 268 bytes | Modified Date = 8/23/2007 
5:58:14 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [Folder | Modified Date = 10/6/2005 7:25:29 PM | Attr = ] hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg -> [Ver = | Size = 9158 bytes | Modified Date = 5/9/2006 7:38:50 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 4/13/2005 12:46:35 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0 -> [Ver = | Size = 4646 bytes | Modified Date = 10/25/2008 1:23:39 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1 -> [Ver = | Size = 4232 bytes | Modified Date = 10/25/2008 1:23:39 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 5/11/2006 11:57:20 AM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11 -> [Ver = | Size = 11082 bytes | Modified Date = 5/11/2006 11:57:41 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc -> [Folder | Modified Date = 11/2/2008 9:14:57 AM | Attr = ] Perflib_Perfdata_2a8.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_2a8 -> [Ver = | Size = 16384 bytes | Modified Date = 11/2/2008 9:14:57 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application 
Data\Microsoft\Works -> [Folder | Modified Date = 6/6/2006 3:33:23 PM | Attr = ] CalMRU.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\CalMRU -> [Ver = | Size = 12 bytes | Modified Date = 5/17/2006 7:47:28 AM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat -> [Ver = | Size = 16384 bytes | Modified Date = 12/4/2005 12:04:20 PM | Attr = ] wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1 -> [Ver = | Size = 171310 bytes | Modified Date = 12/4/2005 12:45:20 PM | Attr = ] C:\WINDOWS\Temp\jkos-dan\binaries\ -> C:\WINDOWS\Temp\jkos-dan\binaries -> [Folder | Modified Date = 11/3/2008 6:59:33 PM | Attr = ] ScanningProcess.exe -> C:\WINDOWS\Temp\jkos-dan\binaries\ScanningProcess -> Kaspersky Lab. [Ver = 5, 0, 1, 86 | Size = 139264 bytes | Modified Date = 11/3/2008 6:59:31 PM | Attr = ] C:\WINDOWS\Temp\jkos-dan\binaries\ -> C:\WINDOWS\Temp\jkos-dan\binaries -> [Folder | Modified Date = 11/3/2008 6:59:33 PM | Attr = ] FSSync.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\FSSync.dll -> Kaspersky Lab [Ver = 6.0.5.678 | Size = 38400 bytes | Modified Date = 11/3/2008 6:59:30 PM | Attr = ] ikave.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\ikave.dll -> [Ver = 5, 0, 1, 83 | Size = 65536 bytes | Modified Date = 11/3/2008 6:59:31 PM | Attr = ] kave.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\kave.dll -> Kaspersky Lab. 
[Ver = 5, 0, 1, 86 | Size = 282624 bytes | Modified Date = 11/3/2008 6:59:31 PM | Attr = ] kosglue-7.0.25.0.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\kosglue-7.0.25.0.dll -> Kaspersky Lab [Ver = 7.0.25.0 | Size = 729152 bytes | Modified Date = 11/3/2008 6:59:32 PM | Attr = ] msvcm80.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\msvcm80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 479232 bytes | Modified Date = 11/3/2008 6:59:30 PM | Attr = ] msvcp80.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\msvcp80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 548864 bytes | Modified Date = 11/3/2008 6:59:31 PM | Attr = ] msvcr80.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\msvcr80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 626688 bytes | Modified Date = 11/3/2008 6:59:31 PM | Attr = ] prLoader.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\prLoader.dll -> Kaspersky Lab [Ver = 6.0.2.678 | Size = 184320 bytes | Modified Date = 11/3/2008 6:59:32 PM | Attr = ] prremote.dll -> C:\WINDOWS\Temp\jkos-dan\binaries\prremote.dll -> Kaspersky Lab [Ver = 6.0.2.678 | Size = 90112 bytes | Modified Date = 11/3/2008 6:59:32 PM | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 11/4/2008 5:13:57 PM | Attr = ] Perflib_Perfdata_158.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_158 -> [Ver = | Size = 16384 bytes | Modified Date = 11/2/2008 11:56:16 AM | Attr = ] Perflib_Perfdata_584.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_584 -> [Ver = | Size = 16384 bytes | Modified Date = 11/3/2008 5:28:14 PM | Attr = ] 1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> C:\WINDOWS\Temp\Cookies\ -> C:\WINDOWS\Temp\Cookies -> [Folder | Modified Date = 11/2/2008 9:11:36 AM | Attr = HS] index.dat -> C:\WINDOWS\Temp\Cookies\index -> [Ver = | Size = 16384 bytes | Modified Date = 11/2/2008 9:14:08 AM | Attr = HS] C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ -> [Folder | Modified Date = 11/2/2008 9:11:36 AM | Attr = HS] index.dat -> 
C:\WINDOWS\Temp\History\History.IE5\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/2/2008 9:14:08 AM | Attr = HS] C:\WINDOWS\Temp\jkos-dan\engine\bases\ -> C:\WINDOWS\Temp\jkos-dan\engine\bases -> [Folder | Modified Date = 11/3/2008 7:00:06 PM | Attr = ] sfdb.dat -> C:\WINDOWS\Temp\jkos-dan\engine\bases\sfdb -> [Ver = | Size = 84 bytes | Modified Date = 11/3/2008 7:00:21 PM | Attr = ] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 11/2/2008 9:14:14 AM | Attr = HS] index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index -> [Ver = | Size = 16384 bytes | Modified Date = 11/2/2008 9:14:08 AM | Attr = HS] C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ -> [Folder | Modified Date = 11/2/2008 9:11:36 AM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 145 bytes | Modified Date = 11/2/2008 9:11:36 AM | Attr = HS] C:\WINDOWS\Temp\jkos-dan\binaries\ -> C:\WINDOWS\Temp\jkos-dan\binaries -> [Folder | Modified Date = 11/3/2008 6:59:33 PM | Attr = ] _kave.ini -> C:\WINDOWS\Temp\jkos-dan\binaries\_kave -> [Ver = | Size = 102 bytes | Modified Date = 11/3/2008 6:59:31 PM | Attr = ] C:\WINDOWS\Temp\jkos-dan\engine\bases\ -> C:\WINDOWS\Temp\jkos-dan\engine\bases -> [Folder | Modified Date = 11/3/2008 7:00:06 PM | Attr = ] verdicts.ini -> C:\WINDOWS\Temp\jkos-dan\engine\bases\verdicts -> [Ver = | Size = 4184 bytes | Modified Date = 11/3/2008 5:44:11 PM | Attr = ] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 11/2/2008 9:14:14 AM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop -> [Ver = | Size = 67 bytes | Modified Date = 11/2/2008 9:11:36 AM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1NE3XW82\ -> C:\WINDOWS\Temp\Temporary Internet 
Files\Content.IE5\1NE3XW82 -> [Folder | Modified Date = 11/2/2008 9:14:14 AM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1NE3XW82\desktop -> [Ver = | Size = 67 bytes | Modified Date = 11/2/2008 9:14:14 AM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\93VH5UB3\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\93VH5UB3 -> [Folder | Modified Date = 11/2/2008 9:14:14 AM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\93VH5UB3\desktop -> [Ver = | Size = 67 bytes | Modified Date = 11/2/2008 9:14:14 AM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\AT47096K\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\AT47096K -> [Folder | Modified Date = 11/2/2008 9:11:36 AM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\AT47096K\desktop -> [Ver = | Size = 67 bytes | Modified Date = 11/2/2008 9:11:36 AM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\BTPEIQ4A\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\BTPEIQ4A -> [Folder | Modified Date = 11/2/2008 9:11:36 AM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\BTPEIQ4A\desktop -> [Ver = | Size = 67 bytes | Modified Date = 11/2/2008 9:11:36 AM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\JT9LHEIQ\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\JT9LHEIQ -> [Folder | Modified Date = 11/2/2008 9:14:14 AM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\JT9LHEIQ\desktop -> [Ver = | Size = 67 bytes | Modified Date = 11/2/2008 9:14:14 AM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\PUGNI0UY\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\PUGNI0UY -> [Folder | Modified Date = 11/2/2008 9:11:36 AM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\PUGNI0UY\desktop -> [Ver = | Size = 67 bytes | Modified Date 
= 11/2/2008 9:11:36 AM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\TIM6QC3I\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\TIM6QC3I -> [Folder | Modified Date = 11/2/2008 9:14:14 AM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\TIM6QC3I\desktop -> [Ver = | Size = 67 bytes | Modified Date = 11/2/2008 9:14:14 AM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WN27MQYP\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WN27MQYP -> [Folder | Modified Date = 11/2/2008 9:11:36 AM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WN27MQYP\desktop -> [Ver = | Size = 67 bytes | Modified Date = 11/2/2008 9:11:36 AM | Attr = HS]
< End of report >
Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 3
11/4/2008 5:12:15 PM
mbam-log-2008-11-04 (17-12-15).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 187147
Time elapsed: 2 hour(s), 13 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP971\A0164997.dll (Adware.PopCap) -> Quarantined and deleted successfully.