HiJackThis log. [RESOLVED]


  • This topic is locked

#1
BadlndsBob

  • Member
  • 15 posts
Hi, my PC is achingly slow when loading most internet sites. For example, yesterday it took 152 seconds just to load the CNET front page. The reasons for this slow pace are beyond me:

1. I am running FIOS at a really fast speed. I have tested the FIOS at two sites and they both say I am running at a high speed.
2. My pc is an AMD X2 4200 with 1024 MB RAM (is that not enough these days?).
3. My pc is directly connected to the router via an ethernet cable.
4. This happens with both FireFox and Internet Explorer.
5. In the past 3 months, I have run AVG, Kaspersky, Super Antispyware, Ad-Aware, Spybot, McAfee Stinger, A-squared, C-Cleaner, ATF-Cleaner, AOL Spyware protection, and Panda, and have de-fragged my hard drive.


Here is my HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:30 AM, on 2/29/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~2\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~2\Grisoft\AVG7\avgcc.exe
C:\PROGRA~2\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files (x86)\a-squared free\a2service.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~2\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\SysWOW64\CTsvcCDA.exe
C:\PROGRA~2\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ExPLabs.com\LinkScanner\LinkScannerConnect.exe
C:\WINDOWS\SysWOW64\freecell.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlx64 - C:\WINDOWS\
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 4455 bytes


I really appreciate your help. Thanks.

#2
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi there, and sorry for the delay. You do have an infection, but I will need to have an up-to-date look at your system.

You may have some infections that target Hijackthis.
I will need you to rename Hijackthis.
To do this:
  • Go to Start
  • Right click and choose Explore
  • Navigate to this location: C:\Program Files\TrendMicro\Hijackthis
  • Open the Hijackthis folder
  • Right click on the Hijackthis icon and click Rename
  • Rename it to Gotcha

THEN

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
BadlndsBob

  • Topic Starter
  • Member
  • 15 posts
Thanks so much for your help!

Here is the main.txt:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-03-05 08:35:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:33 AM, on 3/5/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~2\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\SysWOW64\CTsvcCDA.exe
C:\PROGRA~2\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~2\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
C:\Documents and Settings\Administrator\Desktop\PC Maintenance\dss.exe
C:\PROGRA~2\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlx64 - C:\WINDOWS\
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 4019 bytes

-- HijackThis Fixed Entries (C:\PROGRA~2\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070706-163744-603 O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - (no file)
backup-20070708-120606-744 O15 - ESC Trusted Zone: http://runonce.msn.com
backup-20070725-174930-512 O4 - HKLM\..\Run: [RealTray] "C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
backup-20070725-175157-167 O4 - Global Startup: Corel Registration.lnk = C:\Program Files (x86)\Corel\WordPerfect Office 2000\Register\Remind32.exe
backup-20070725-175157-250 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
backup-20070725-175157-404 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20070725-175159-329 O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
backup-20070725-175159-364 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20070725-175200-271 O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
backup-20070725-175200-277 O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - (no file)
backup-20070725-175200-608 O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
backup-20070727-080650-345 O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
backup-20070812-174723-144 O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
backup-20070812-174723-148 O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
backup-20070812-174723-241 O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
backup-20070812-174723-343 O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
backup-20070812-174723-760 O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - (no file)
backup-20070812-174723-845 O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
backup-20070812-174723-877 O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
backup-20070921-161207-147 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
backup-20070921-161207-249 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152107987125
backup-20070921-161207-751 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
backup-20070921-161207-783 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070921-161207-961 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
backup-20070921-161207-972 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
backup-20070925-211444-243 O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
backup-20070925-211444-525 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
backup-20070925-211444-848 O4 - HKLM\..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1148778991\ee\AOLSoftware.exe"
backup-20071029-165510-103 O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
backup-20071106-112939-482 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll
backup-20071208-063058-327 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
backup-20071214-105712-969 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
backup-20080101-101807-597 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
backup-20080101-103259-866 O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
backup-20080108-051700-709 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
backup-20080215-111307-913 O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
backup-20080216-084548-492 O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
backup-20080216-084548-815 O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ACPI (Microsoft ACPI Driver) - c:\windows\system32\drivers\acpi.sys (file missing)
R0 atapi (Standard IDE/ESDI Hard Disk Controller) - c:\windows\system32\drivers\atapi.sys (file missing)
R0 crcdisk (CRC Disk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing)
R0 Disk (Disk Driver) - c:\windows\system32\drivers\disk.sys (file missing)
R0 dmio (Logical Disk Manager Driver) - c:\windows\system32\drivers\dmio.sys (file missing)
R0 dmload - c:\windows\system32\drivers\dmload.sys (file missing)
R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
R0 Ftdisk (Volume Manager Driver) - c:\windows\system32\drivers\ftdisk.sys (file missing)
R0 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing)
R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing)
R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing)
R0 Mup - c:\windows\system32\drivers\mup.sys (file missing)
R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing)
R0 ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - c:\windows\system32\drivers\ohci1394.sys (file missing)
R0 PartMgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing)
R0 PCI (PCI Bus Driver) - c:\windows\system32\drivers\pci.sys (file missing)
R0 PCIIde - c:\windows\system32\drivers\pciide.sys (file missing)
R0 sptd - c:\windows\system32\drivers\sptd.sys (file missing)
R0 sr (System Restore Filter Driver) - c:\windows\system32\drivers\sr.sys (file missing)
R0 VolSnap (Storage volumes) - c:\windows\system32\drivers\volsnap.sys (file missing)
R0 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - c:\windows\system32\drivers\wudfpf.sys (file missing)
R1 AFD - c:\windows\system32\drivers\afd.sys (file missing)
R1 AmdK8 (AMD Processor Driver) - c:\windows\system32\drivers\amdk8.sys (file missing)
R1 AvgAsC64 (AVG Anti-Spyware Clean Driver) - c:\windows\system32\drivers\avgasc64.sys (file missing)
R1 AvgCln64 (AVG7 Clean Driver (x64)) - c:\windows\system32\drivers\avgcln64.sys (file missing)
R1 AvgMfx64 (AVG Minifilter x64 Resident Driver) - c:\windows\system32\drivers\avgmfx64.sys (file missing)
R1 Beep - c:\windows\system32\drivers\beep.sys (file missing)
R1 Cdrom (CD-ROM Driver) - c:\windows\system32\drivers\cdrom.sys (file missing)
R1 Fips - c:\windows\system32\drivers\fips.sys (file missing)
R1 imapi (CD-Burning Filter Driver) - c:\windows\system32\drivers\imapi.sys (file missing)
R1 IPSec (IPSEC driver) - c:\windows\system32\drivers\ipsec.sys (file missing)
R1 Kbdclass (Keyboard Class Driver) - c:\windows\system32\drivers\kbdclass.sys (file missing)
R1 kbdhid (Keyboard HID Driver) - c:\windows\system32\drivers\kbdhid.sys (file missing)
R1 mnmdd - c:\windows\system32\drivers\mnmdd.sys (file missing)
R1 Mouclass (Mouse Class Driver) - c:\windows\system32\drivers\mouclass.sys (file missing)
R1 MRxSmb - c:\windows\system32\drivers\mrxsmb.sys (file missing)
R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing)
R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys (file missing)
R1 NetBT (NetBios over Tcpip) - c:\windows\system32\drivers\netbt.sys (file missing)
R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing)
R1 Null - c:\windows\system32\drivers\null.sys (file missing)
R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing)
R1 Rdbss - c:\windows\system32\drivers\rdbss.sys (file missing)
R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing)
R1 redbook (Digital CD Audio Playback Filter Driver) - c:\windows\system32\drivers\redbook.sys (file missing)
R1 Serial (Serial port driver) - c:\windows\system32\drivers\serial.sys (file missing)
R1 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
R1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys (file missing)
R1 VgaSave (VGA Display Controller.) - c:\windows\system32\drivers\vga.sys (file missing)
R2 AvgTdi64 (AVG Network Redirector x64) - c:\windows\system32\drivers\avgtdi64.sys (file missing)
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys (file missing)
R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys (file missing)
R2 Secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing)
R3 AmdLLD64 (AMD Low Level Device Driver) - c:\windows\system32\drivers\amdlld64.sys (file missing)
R3 Arp1394 (1394 ARP Client Protocol) - c:\windows\system32\drivers\arp1394.sys (file missing)
R3 audstub (Audio Stub Driver) - c:\windows\system32\drivers\audstub.sys (file missing)
R3 CAMHWBS2 - c:\windows\system32\drivers\hsfbs4.sys (file missing)
R3 ctsfm2k (Creative SoundFont Management Device Driver) - c:\windows\system32\drivers\ctsfm2k.sys (file missing)
R3 Fdc (Floppy Disk Controller Driver) - c:\windows\system32\drivers\fdc.sys (file missing)
R3 Flpydisk (Floppy Disk Driver) - c:\windows\system32\drivers\flpydisk.sys (file missing)
R3 Gpc (Generic Packet Classifier) - c:\windows\system32\drivers\msgpc.sys (file missing)
R3 HidUsb (Microsoft HID Class Driver) - c:\windows\system32\drivers\hidusb.sys (file missing)
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp4.sys (file missing)
R3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
R3 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys (file missing)
R3 IpNat (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing)
R3 kmixer (Microsoft Kernel Wave Audio Mixer) - c:\windows\system32\drivers\kmixer.sys (file missing)
R3 ksthunk (Kernel Streaming WOW64 Thunk Service) - c:\windows\system32\drivers\ksthunk.sys (file missing)
R3 Modem - c:\windows\system32\drivers\modem.sys (file missing)
R3 mouhid (Mouse HID Driver) - c:\windows\system32\drivers\mouhid.sys (file missing)
R3 MRxDAV (WebDav Client Redirector) - c:\windows\system32\drivers\mrxdav.sys (file missing)
R3 ms_mpu401 (Microsoft MPU-401 MIDI UART Driver) - c:\windows\system32\drivers\msmpu401.sys (file missing)
R3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing)
R3 MTsensor (ATK0110 ACPI UTILITY) - c:\windows\system32\drivers\asacpi.sys (file missing)
R3 NdisTapi (Remote Access NDIS TAPI Driver) - c:\windows\system32\drivers\ndistapi.sys (file missing)
R3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing)
R3 NdisWan (Remote Access NDIS WAN Driver) - c:\windows\system32\drivers\ndiswan.sys (file missing)
R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing)
R3 NIC1394 (1394 Net Driver) - c:\windows\system32\drivers\nic1394.sys (file missing)
R3 nv - c:\windows\system32\drivers\nv4_mini.sys (file missing)
R3 NVENETFD (NVIDIA nForce Networking Controller Driver) - c:\windows\system32\drivers\nvenetfd.sys (file missing)
R3 nvnetbus (NVIDIA Network Bus Enumerator) - c:\windows\system32\drivers\nvnetbus.sys (file missing)
R3 ossrv (Creative OS Services Driver) - c:\windows\system32\drivers\ctoss2k.sys (file missing)
R3 P1764 (Sound Blaster Live! 24-bit) - c:\windows\system32\drivers\p1764.sys (file missing)
R3 Parport (Parallel port driver) - c:\windows\system32\drivers\parport.sys (file missing)
R3 PptpMiniport (WAN Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)
R3 PSched (QoS Packet Scheduler) - c:\windows\system32\drivers\psched.sys (file missing)
R3 Ptilink (Direct Parallel Link Driver) - c:\windows\system32\drivers\ptilink.sys (file missing)
R3 Rasl2tp (WAN Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing)
R3 RasPppoe (Remote Access PPPOE Driver) - c:\windows\system32\drivers\raspppoe.sys (file missing)
R3 Raspti (Direct Parallel) - c:\windows\system32\drivers\raspti.sys (file missing)
R3 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys (file missing)
R3 RT2500 (RT2500 Wireless Driver) - c:\windows\system32\drivers\rt2500.sys (file missing)
R3 serenum (Serenum Filter Driver) - c:\windows\system32\drivers\serenum.sys (file missing)
R3 Srv - c:\windows\system32\drivers\srv.sys (file missing)
R3 swenum (Software Bus Driver) - c:\windows\system32\drivers\swenum.sys (file missing)
R3 sysaudio (Microsoft Kernel System Audio Device) - c:\windows\system32\drivers\sysaudio.sys (file missing)
R3 Update (Microcode Update Driver) - c:\windows\system32\drivers\update.sys (file missing)
R3 usbccgp (Microsoft USB Generic Parent Driver) - c:\windows\system32\drivers\usbccgp.sys (file missing)
R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - c:\windows\system32\drivers\usbehci.sys (file missing)
R3 usbhub (USB2 Enabled Hub) - c:\windows\system32\drivers\usbhub.sys (file missing)
R3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - c:\windows\system32\drivers\usbohci.sys (file missing)
R3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
R3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw64.sys (file missing)
R3 wdmaud (Microsoft WINMM WDM Audio Compatibility Driver) - c:\windows\system32\drivers\wdmaud.sys (file missing)
R3 winachsf - c:\windows\system32\drivers\hsfcnxt4.sys (file missing)
R4 Cdfs - c:\windows\system32\drivers\cdfs.sys (file missing)
R4 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing)

S1 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys (file missing)
S1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee Security; McAfee Personal Firewall Plus>
S1 SASDIFSV - c:\program files (x86)\superantispyware\sasdifsv.sys
S1 Sfloppy - c:\windows\system32\drivers\sfloppy.sys (file missing)
S3 aec (Microsoft Kernel Acoustic Echo Canceller) - c:\windows\system32\drivers\aec.sys (file missing)
S3 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\asyncmac.sys (file missing)
S3 Atmarpc (ATM ARP Client Protocol) - c:\windows\system32\drivers\atmarpc.sys (file missing)
S3 Dot4 (MS IEEE-1284.4 Driver) - c:\windows\system32\drivers\dot4.sys (file missing)
S3 Dot4Print (Print Class Driver for IEEE-1284.4) - c:\windows\system32\drivers\dot4prt.sys (file missing)
S3 Ip6Fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
S3 IpInIp (IP in IP Tunnel Driver) - c:\windows\system32\drivers\ipinip.sys (file missing)
S3 IRENUM (IR Enumerator Service) - c:\windows\system32\drivers\irenum.sys (file missing)
S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing)
S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - c:\windows\system32\drivers\mspclock.sys (file missing)
S3 MSPQM (Microsoft Streaming Quality Manager Proxy) - c:\windows\system32\drivers\mspqm.sys (file missing)
S3 NwlnkFlt (IPX Traffic Filter Driver) - c:\windows\system32\drivers\nwlnkflt.sys (file missing)
S3 NwlnkFwd (IPX Traffic Forwarder Driver) - c:\windows\system32\drivers\nwlnkfwd.sys (file missing)
S3 RDPWD - c:\windows\system32\drivers\rdpwd.sys (file missing)
S3 SASENUM - c:\program files (x86)\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 splitter (Microsoft Kernel Audio Splitter) - c:\windows\system32\drivers\splitter.sys (file missing)
S3 swmidi (Microsoft Kernel GS Wavetable Synthesizer) - c:\windows\system32\drivers\swmidi.sys (file missing)
S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing)
S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing)
S3 USBSTOR (USB Mass Storage Driver) - c:\windows\system32\drivers\usbstor.sys (file missing)
S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing)
S3 wceusbsh (Windows CE USB Serial Host Driver) - c:\windows\system32\drivers\wceusbsh.sys (file missing)
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys (file missing)
S3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - c:\windows\system32\drivers\wudfrd.sys (file missing)
S4 ACPIEC - c:\windows\system32\drivers\acpiec.sys (file missing)
S4 dmboot - c:\windows\system32\drivers\dmboot.sys (file missing)
S4 Fastfat - c:\windows\system32\drivers\fastfat.sys (file missing)
S4 Pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing)
S4 Udfs - c:\windows\system32\drivers\udfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Eventlog (Event Log) - c:\windows\system32\services.exe (file missing)
R2 NVSvc (NVIDIA Display Driver Service) - c:\windows\system32\nvsvc64.exe (file missing)
R2 PlugPlay (Plug and Play) - c:\windows\system32\services.exe (file missing)
R2 PolicyAgent (IPSEC Services) - c:\windows\system32\lsass.exe (file missing)
R2 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe (file missing)
R2 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe (file missing)

S2 OOD2000 (O&O Defrag 2000) - "c:\windows\system32\ood2000.exe" <Not Verified; O&O Software GmbH; O&O Defrag 2000>
S3 dmadmin (Logical Disk Manager Administrative Service) - c:\windows\system32\dmadmin.exe /com (file missing)
S3 HTTPFilter (HTTP SSL) - c:\windows\system32\lsass.exe (file missing)
S3 ImapiService (IMAPI CD-Burning COM Service) - c:\windows\system32\imapi.exe (file missing)
S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
S3 Netlogon (Net Logon) - c:\windows\system32\lsass.exe (file missing)
S3 NtLmSsp (NT LM Security Support Provider) - c:\windows\system32\lsass.exe (file missing)
S3 vds (Virtual Disk Service) - c:\windows\system32\vds.exe (file missing)
S3 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe (file missing)
S3 WmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
S4 TlntSvr (Telnet) - c:\windows\system32\tlntsvr.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-05 07:41:09 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-02-28 09:04:24 292 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
2008-02-25 07:48:01 296 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-11-21 19:34:07 378 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job


-- Files created between 2008-02-05 and 2008-03-05 -----------------------------

2008-03-04 18:12:54 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-03-02 15:03:31 0 d-------- C:\Program Files (x86)\Windows Defender
2008-03-02 14:55:25 0 d-------- C:\Program Files (x86)\WindowsUpdate
2008-02-28 19:20:58 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-28 19:20:45 0 d-------- C:\Program Files (x86)\SUPERAntiSpyware
2008-02-28 19:20:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-28 10:48:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\HouseCall 6.6
2008-02-16 08:46:13 0 d-------- C:\VundoFix Backups
2008-02-11 13:15:57 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-11 13:15:57 3459 --a------ C:\WINDOWS\unins000.dat
2008-02-09 08:54:16 25088 -----n--- C:\WINDOWS\system32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>
2008-02-09 08:54:16 44032 -----n--- C:\WINDOWS\system32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>
2008-02-08 09:23:13 0 d-------- C:\Program Files (x86)\ExPLabs.com
2008-02-08 09:23:11 0 d--h----- C:\Documents and Settings\All Users\Application Data\{970DA77C-0D99-4147-9457-55E2393495F0}


-- Find3M Report ---------------------------------------------------------------

2008-03-05 07:48:59 0 d-------- C:\Program Files (x86)\Mozilla Thunderbird
2008-03-05 07:22:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\CallingID
2008-03-03 05:06:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2008-03-02 14:59:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\vol_toolbar
2008-03-02 12:21:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-02-28 19:20:14 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-02-28 10:04:27 0 d-------- C:\Program Files (x86)\AxBx
2008-02-28 09:04:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-02-11 12:31:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-02-09 11:05:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-02-09 08:59:18 0 d--h----- C:\Program Files (x86)\Creative Installation Information
2008-02-09 08:58:14 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
2008-02-09 08:56:41 0 d-------- C:\Program Files (x86)\Creative
2008-02-04 13:34:20 0 d-------- C:\Program Files (x86)\RegCleaner
2008-01-18 11:59:55 0 d-------- C:\Program Files (x86)\a-squared Free


-- Registry Dump ---------------------------------------------------------------



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8006 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-03-05 08:38:51 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows® XP Professional x64 Edition (build 3790) SP 2.0
Architecture: X64; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4200+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 1023.37 MiB / 538.34 MiB
Pagefile Memory (total/avail): 2491.02 MiB / 2017.9 MiB
Virtual Memory (total/avail): 4095.88 MiB / 3950.95 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 189.91 GiB total, 128.21 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6B200S0 - 189.92 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 189.91 GiB - C:



-- Security Center -------------------------------------------------------------

Windows Internal Firewall is enabled.

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files (x86)\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files (x86)\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files (x86)\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files (x86)\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files (x86)\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files (x86)\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files (x86)\\America Online 9.0c\\waol.exe"="C:\\Program Files (x86)\\America Online 9.0c\\waol.exe:*:Enabled:AOL"
"C:\\Program Files (x86)\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files (x86)\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files (x86)\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files (x86)\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files (x86)\\Common Files\\AOL\\1148778991\\EE\\AOLServiceHost.exe"="C:\\Program Files (x86)\\Common Files\\AOL\\1148778991\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files (x86)\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files (x86)\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files (x86)\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files (x86)\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files (x86)\\LimeWire\\LimeWire.exe"="C:\\Program Files (x86)\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files (x86)\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files (x86)\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files (x86)\\iTunes\\iTunes.exe"="C:\\Program Files (x86)\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Program Files (x86)\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files (x86)\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files (x86)\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files (x86)\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files (x86)\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files (x86)\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files (x86)\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files (x86)\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe"="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files (x86)\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files (x86)\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=IAN-N0PWE5PRRQ
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\IAN-N0PWE5PRRQ
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files (x86)\ESTsoft\ALZip\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\ESTsoft\ALZip\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
PROCESSOR_IDENTIFIER=AMD64 Family 15 Model 43 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2b01
ProgramFiles=C:\Program Files (x86)
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files (x86)\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=IAN-N0PWE5PRRQ
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files (x86)\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files (x86)\Creative Installation Information\CTCMSGO\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files (x86)\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files (x86)\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files (x86)\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files (x86)\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files (x86)\Creative Installation Information\E-CENTER_PLUGIN_MUSICPLAYER_MSS_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files (x86)\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files (x86)\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files (x86)\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /nolog/l0x0009
--> C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{80FFF4BA-C102-4102-A4B1-935D9573278B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{80FFF4BA-C102-4102-A4B1-935D9573278B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
7-Zip 4.23 --> "C:\Program Files (x86)\7-Zip\Uninstall.exe"
a-squared Free 2.0 --> "C:\Program Files (x86)\a-squared Free\unins000.exe"
Ad-Aware 2007 --> MsiExec.exe /X{46AC899A-9ECB-43DC-85DE-272E0D116A1E}
Adobe Flash Player ActiveX --> C:\WINDOWS\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adobe® Photoshop® Album Starter Edition 3.0.1 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
ALZip --> "C:\Program Files (x86)\ESTsoft\ALZip\unins000.exe"
AMD Processor Driver --> C:\Program Files (x86)\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
AnswerWorks Runtime --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files (x86)\WexTech\AnswerWorks\Uninst.isu"
AOL Coach Version 1.0(Build:20030807.3) --> C:\Program Files (x86)\Common Files\aolshare\Coach\AolCInUn.exe
AOL Coach Version 2.0(Build:20041026.5 en) --> C:\Program Files (x86)\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files (x86)\Common Files\AOL\uninstaller.exe
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AsusUpdate --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
AVG 7.5 --> C:\Program Files (x86)\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BioShock --> C:\Program Files (x86)\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\Setup.exe -runfromtemp -l0x0009 -removeonly
CCleaner (remove only) --> "C:\Program Files (x86)\CCleaner\uninst.exe"
CleanUp! --> C:\Program Files (x86)\CleanUp!\uninstall.exe
Corel Applications --> C:\WINDOWS\Corel\Uninst32.exe
Creative Audio Pack --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x9 /remove
Creative MediaSource 5 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN V Series --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AA9D879B-0F98-4059-85A5-D05718A1D6F7}\SETUP.EXE" -l0x9 /remove
Dual-Core Optimizer --> MsiExec.exe /X{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}
File Shredder 2.0 --> "C:\Program Files (x86)\File Shredder\unins000.exe"
Functional Ear Trainer v1.1 --> MsiExec.exe /I{29C00AEB-D97A-4C91-80A0-B2AA910CE32C}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2 --> "C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HouseCall 6.6 --> "C:\Documents and Settings\Administrator\Application Data\HouseCall 6.6\uninstaller.exe"
iTunes --> MsiExec.exe /I{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
JD Secure 3.1 --> C:\WINDOWS\System32\JDSecure31.exe /u
K-Lite Codec Pack 3.4.0 Full --> "C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
Learn2 Player (Uninstall Only) --> C:\Program Files (x86)\Learn2.com\StRunner\stuninst.exe
LimeWire 4.14.10 --> "C:\Program Files (x86)\LimeWire\uninstall.exe"
LinkScanner --> "C:\Documents and Settings\All Users\Application Data\{970DA77C-0D99-4147-9457-55E2393495F0}\LinkScannerLiteSetup_2_6_6_0090_6.exe" REMOVE=TRUE MODIFY=FALSE
LinkScanner --> C:\Documents and Settings\All Users\Application Data\{970DA77C-0D99-4147-9457-55E2393495F0}\LinkScannerLiteSetup_2_6_6_0090_6.exe
Logitech Resource Center --> C:\PROGRA~2\Logitech\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~2\Logitech\RESOUR~1\rem\INSTALL.LOG
McAfee Personal Firewall Express --> C:\PROGRA~2\McAfee.com\PERSON~1\UNWISE.EXE C:\PROGRA~2\McAfee.com\PERSON~1\INSTALL.LOG
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.12) --> C:\PROGRA~2\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.5) --> C:\Program Files (x86)\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5 (en-US)"
MSN --> C:\Program Files (x86)\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero OEM --> C:\Program Files (x86)\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
O&O Defrag 2000 Freeware Edition --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E86E5246-AA7E-11D4-88C9-00105ADBE398}\Setup.exe"
Oblivion --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OpenOffice.org 2.3 --> MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
PowerDVD --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer --> C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Microsoft .NET Framework 2.0 (x64) (KB928365) --> C:\WINDOWS\SysWOW64\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {B6EC01E7-431D-4D29-B9D4-E1D74CAF0AB0}
Spybot - Search & Destroy --> "C:\Program Files (x86)\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files (x86)\SpywareBlaster\unins000.exe"
Ss Registry Fixer 2.0 --> "C:\Program Files (x86)\Ss-Tools\Registry Fixer\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
UltraGet Video Downloader 1.1.2 --> "C:\Program Files (x86)\UltraGet Video Downloader\unins000.exe"
Verizon Broadband Toolbar --> C:\Program Files (x86)\vol_toolbar\uninstall.exe
Verizon Servicepoint 1.5.12 --> "C:\Program Files (x86)\Verizon\VSP\unins000.exe"
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinPatrol 2007 --> C:\PROGRA~2\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Wise Registry Cleaner 2.8.4 --> "C:\Program Files (x86)\Wise Registry Cleaner\unins000.exe"
XnView 1.80.3 --> "C:\Program Files (x86)\XnView\unins000.exe"
Yahoo! Toolbar --> C:\PROGRA~2\Yahoo!\Common\unyt.exe
ZENcast Organizer --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove


-- Application Event Log -------------------------------------------------------

Event Record #/Type2865 / Error
Event Submitted/Written: 03/05/2008 08:18:02 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.20121, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2864 / Error
Event Submitted/Written: 03/05/2008 07:21:10 AM
Event ID/Source: 2 / MpfService
Event Description:
Filter Engine could not be initialized. Most likely the application was not installed or uninstalled correctly. Please re-install the program.

Event Record #/Type2863 / Warning
Event Submitted/Written: 03/05/2008 07:21:10 AM
Event ID/Source: 1 / MpfService
Event Description:
McAfee Personal Firewall generated a warning message.

Time: Wed Mar 05 07:21:10 2008

Warning Text:
Fatal Error: The McAfee Personal Firewall Security Filter could not be loaded. This means that your computer is NOT currently protected. If this problem persists, you may need to reinstall McAfee Personal Firewall.

Error Number: 0x0

Error Description:
The operation completed successfully.

Event Record #/Type2862 / Warning
Event Submitted/Written: 03/05/2008 07:21:10 AM
Event ID/Source: 1 / MpfService
Event Description:
McAfee Personal Firewall generated a warning message.

Time: Wed Mar 05 07:21:10 2008

Warning Text:
McAfee Personal Firewall could not access device driver. Either the device driver was not installed properly, or has been removed. First, try rebooting your computer and see if the error occurs again. If this problem persists, you may need to reinstall McAfee Personal Firewall.

Error Number: 0x2

Error Description:
The system cannot find the file specified.

Event Record #/Type2861 / Warning
Event Submitted/Written: 03/05/2008 07:21:10 AM
Event ID/Source: 1 / MpfService
Event Description:
McAfee Personal Firewall generated a warning message.

Time: Wed Mar 05 07:21:10 2008

Warning Text:
McAfee Personal Firewall generated a warning message.

Time: %s
Warning Text:
%s

Error Number: 0x%x

Error Description:
%s


Error Number: 0x2

Error Description:
The system cannot find the file specified.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log --------------------------

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's start, shall we :)

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

F2 - REG:system.ini: UserInit=userinit

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#5
BadlndsBob

    Member

  • Topic Starter
  • Member
  • 15 posts
Here is my HiJackThis log. I ran ComboFix, but I didn't see a log or printout from it. Should I re-run it or what?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:16, on 2008-03-06
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~2\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~2\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files (x86)\a-squared free\a2service.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~2\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\SysWOW64\CTsvcCDA.exe
C:\PROGRA~2\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files (x86)\Trend Micro\HijackThis\Gotcha.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlx64 - C:\WINDOWS\
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 4238 bytes


(Thanks for your help. You folks' level of knowledge is really impressive.)

#6
BadlndsBob

    Member

  • Topic Starter
  • Member
  • 15 posts
Sorry, I had an ignorelist. I deleted it, ran HiJackThis and am posting the new log. Thanks again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:23, on 2008-03-06
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~2\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~2\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files (x86)\a-squared free\a2service.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~2\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\SysWOW64\CTsvcCDA.exe
C:\PROGRA~2\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files (x86)\Trend Micro\HijackThis\Gotcha.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ExPLabs.com\LinkScanner\LinkScannerConnect.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon....p;bm=ho_central
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\ExPLabs.com\LinkScanner\LinkScannerIE.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~2\VOL_TO~1\VOL_TO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~2\VOL_TO~1\VOL_TO~1.DLL
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~2\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://activatemyfi...IOS/tgctlcm.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - https://dcwebmail1.e...ov/iNotes6W.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlx64 - C:\WINDOWS\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files (x86)\a-squared free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~2\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - (no file)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 8415 bytes

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The log should be at C:\Combofix.txt. If you could post that, please.

#8
BadlndsBob

    Member

  • Topic Starter
  • Member
  • 15 posts
The only .txt document I have under c:\combofix is this one. It is named pend.txt.

.:\\(0!|0\\0)
C:\\WINDOWS\\system32\\(0!|0\\0)
C:\\WINDOWS\\system32\\config\\(0!|0\\0)
C:\\WINDOWS\\system32\\csrss.exe\\(0!|0\\0)
C:\\WINDOWS\\system32\\drivers\\(0!|0\\0)
C:\\WINDOWS\\system32\\hal.dll\\(0!|0\\0)
C:\\WINDOWS\\system32\\lsass.exe\\(0!|0\\0)
C:\\WINDOWS\\system32\\ntdll.dll\\(0!|0\\0)
C:\\WINDOWS\\system32\\services.exe\\(0!|0\\0)
C:\\WINDOWS\\system32\\smss.exe\\(0!|0\\0)
C:\\WINDOWS\\system32\\svchost.exe\\(0!|0\\0)
C:\\WINDOWS\\system32\\userinit.exe\\(0!|0\\0)
C:\\WINDOWS\\system32\\wbem\\(0!|0\\0)
C:\\WINDOWS\\system32\\winlogon.exe\\(0!|0\\0)
C:\\boot.ini\\(0!|0\\0)
C:\\ntdetect.com\\(0!|0\\0)
C:\\ntldr\\(0!|0\\0)
C:\\WINDOWS\\(0!|0\\0)
C:\\WINDOWS\\explorer.exe\\(0!|0\\0)

I'll try to do a search. Maybe it is under another folder. I appreciate your help.

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run Combofix again then, please? That should generate a log :)

#10
BadlndsBob

    Member

  • Topic Starter
  • Member
  • 15 posts
Believe it or not, I already ran it again twice. But I'll do pretty much anything to get this fixed. I was wondering if I need to reinstall Combofix.

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK then change of tack :)

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35u.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#12
BadlndsBob

    Member

  • Topic Starter
  • Member
  • 15 posts
[code=auto:0]WinPFind35 logfile created on: 2008-03-08 11:46:06
WinPFind35U Version 1.0.3.1 Folder = C:\Documents and Settings\Administrator\Desktop\WinPFind35u
Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

1023.37 Mb Total Physical Memory | 623.46 Mb Available Physical Memory | 60.92% Memory free
2.43 Gb Paging File | 2.14 Gb Available in Paging File | 87.97% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 189.91 Gb Total Space | 128.13 Gb Free Space | 67.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IAN-N0PWE5PRRQ
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - All]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-11 15:43:31 | Attr = ]
aoltsmon.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 2004-10-15 15:54:14 | Attr = ]
aoltpspd.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltpspd.exe -> America Online Inc [Ver = 2, 0, 0, 0 | Size = 46768 bytes | Modified Date = 2004-10-15 15:54:12 | Attr = ]
ctsvccda.exe -> %SystemRoot%\SysWOW64\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 1999-12-13 01:01:00 | Attr = ]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 2003-08-27 09:27:44 | Attr = ]
ctfmon.exe -> %SystemRoot%\SysWOW64\ctfmon.exe -> Microsoft Corporation [Ver = 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 15360 bytes | Modified Date = 2005-03-25 07:00:00 | Attr = ]
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> Microsoft Corporation [Ver = 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 34816 bytes | Modified Date = 2005-03-25 07:00:00 | Attr = ]
verizonservicepoint.exe -> %ProgramFiles%\Verizon\VSP\VerizonServicepoint.exe -> Verizon [Ver = 1.5.12.18212 | Size = 2061816 bytes | Modified Date = 2007-05-11 14:20:04 | Attr = ]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.3.1 | Size = 310784 bytes | Modified Date = 2008-03-05 01:21:14 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(a2free) a-squared Free Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.384 | Size = 366712 bytes | Modified Date = 2008-01-14 12:00:23 | Attr = ]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-11 15:43:31 | Attr = ]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 2006-10-23 07:50:35 | Attr = R ]
(AOL TopSpeedMonitor) AOL TopSpeed Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 2004-10-15 15:54:14 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 07:31:10 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2008-01-25 03:00:38 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2008-01-25 03:00:46 | Attr = ]
(AvgCoreSvc) AVG7 Resident Shield Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 2008-01-25 03:00:38 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 2008-01-25 03:00:44 | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 1999-12-13 01:01:00 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> File not found
(Eventlog) Event Log [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services.exe -> File not found
(HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\lsass.exe -> File not found
(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\imapi.exe -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.3.0.54 | Size = 501048 bytes | Modified Date = 2007-06-28 08:14:32 | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\McAfee.com\Personal Firewall\MpfService.exe -> McAfee Corporation [Ver = 4.1.0.1 | Size = 184320 bytes | Modified Date = 2003-01-29 16:30:58 | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\msdtc.exe -> File not found
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass.exe -> File not found
(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass.exe -> File not found
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc64.exe -> File not found
(OOD2000) O&O Defrag 2000 [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\OOD2000.exe -> O&O Software GmbH [Ver = 3.5.562 | Size = 238080 bytes | Modified Date = 2001-04-06 12:57:46 | Attr = ]
(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services.exe -> File not found
(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found
(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found
(RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> -> File not found
(SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found
(TlntSvr) Telnet [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\tlntsvr.exe -> File not found
(vds) Virtual Disk Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\vds.exe -> File not found
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\vssvc.exe -> File not found
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 2003-08-27 09:27:44 | Attr = ]
(WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\wbem\wmiapsrv.exe -> File not found

[Registry - All]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 04:25:42 | Attr = ]
amd_dc_opt -> %ProgramFiles%\AMD\Dual-Core Optimizer\amd_dc_opt.exe -> AMD [Ver = 1, 1, 3, 0 | Size = 77824 bytes | Modified Date = 2007-07-23 11:06:28 | Attr = ]
MPFExe -> %ProgramFiles%\McAfee.com\Personal Firewall\MpfTray.exe -> McAfee Security [Ver = 4.5.4.41 | Size = 1187899 bytes | Modified Date = 2005-04-12 15:44:06 | Attr = ]
P17Helper -> %SystemRoot%\system32\P17.dll -> [Ver = 1.0.1.41 | Size = 64512 bytes | Modified Date = 2005-05-03 22:38:42 | Attr = ]
VerizonServicepoint.exe -> %ProgramFiles%\Verizon\VSP\VerizonServicepoint.exe -> Verizon [Ver = 1.5.12.18212 | Size = 2061816 bytes | Modified Date = 2007-05-11 14:20:04 | Attr = ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ctfmon.exe -> %SystemRoot%\system32\ctfmon.exe -> Microsoft Corporation [Ver = 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 15360 bytes | Modified Date = 2005-03-25 07:00:00 | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 2008-01-28 11:43:40 | Attr = RHS]
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ ->
Your Image File Name Here without a path -> %SystemRoot%\system32\ntsd.exe [Debugger] -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 40960 bytes | Modified Date = 2007-02-18 10:05:44 | Attr = ]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
{fbeb8a05-beee-4442-804e-409d6c4515e9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\shell32.dll [CDBurn] -> Microsoft Corporation [Ver = 6.00.3790.4184 (srv03_sp2_gdr.071106-1258) | Size = 8360448 bytes | Modified Date = 2007-11-08 00:55:44 | Attr = ]
{7849596a-48ea-486e-8937-a2a3009f31a9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\shell32.dll [PostBootReminder] -> Microsoft Corporation [Ver = 6.00.3790.4184 (srv03_sp2_gdr.071106-1258) | Size = 8360448 bytes | Modified Date = 2007-11-08 00:55:44 | Attr = ]
{35CEC8A3-2BE6-11D2-8773-92E220524153} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\stobject.dll [SysTray] -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 122880 bytes | Modified Date = 2007-02-18 10:05:52 | Attr = ]
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\webcheck.dll [WebCheck] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 233472 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [AVG Anti-Spyware 7.5] -> File not found
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 2006-12-20 12:55:48 | Attr = ]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\shell32.dll [] -> Microsoft Corporation [Ver = 6.00.3790.4184 (srv03_sp2_gdr.071106-1258) | Size = 8360448 bytes | Modified Date = 2007-11-08 00:55:44 | Attr = ]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
{438755C2-A8BA-11D1-B96B-00A0C90312E1} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\browseui.dll [Browseui preloader] -> Microsoft Corporation [Ver = 6.00.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 1033216 bytes | Modified Date = 2007-02-18 10:05:20 | Attr = ]
{8C7461EF-2B13-11d2-BE35-3078302C2030} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\browseui.dll [Component Categories cache daemon] -> Microsoft Corporation [Ver = 6.00.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 1033216 bytes | Modified Date = 2007-02-18 10:05:20 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
msapsspc.dll -> %SystemRoot%\system32\msapsspc.dll -> Microsoft Corporation [Ver = 6.00.7755 | Size = 80128 bytes | Modified Date = 2005-03-25 07:00:00 | Attr = ]
schannel.dll -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.2.3790.4068 (srv03_sp2_gdr.070425-2330) | Size = 146944 bytes | Modified Date = 2007-04-25 13:45:30 | Attr = ]
digest.dll -> %SystemRoot%\system32\digest.dll -> Microsoft Corporation [Ver = 6.00.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 71680 bytes | Modified Date = 2007-02-18 10:05:58 | Attr = ]
msnsspc.dll -> %SystemRoot%\system32\msnsspc.dll -> Microsoft Corporation [Ver = 6.1.1825.0 | Size = 319760 bytes | Modified Date = 2005-03-25 07:00:00 | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 1364480 bytes | Modified Date = 2007-02-16 23:20:36 | Attr = ]
*MultiFile Done* -> ->
*System* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System ->
lsass.exe -> lsass.exe -> File not found
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\SYSTEM32\Userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 26112 bytes | Modified Date = 2007-02-18 10:05:56 | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
%SystemRoot%\system32\logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 516096 bytes | Modified Date = 2007-02-18 10:05:34 | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\rundll32.exe -> Microsoft Corporation [Ver = 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 34816 bytes | Modified Date = 2005-03-25 07:00:00 | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 301568 bytes | Modified Date = 2007-02-18 10:05:52 | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2007-02-27 11:39:26 | Attr = ]
avgwlx64 -> -> File not found
crypt32chain -> %SystemRoot%\system32\crypt32.dll -> Microsoft Corporation [Ver = 5.131.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 595456 bytes | Modified Date = 2007-02-18 10:05:24 | Attr = ]
cryptnet -> %SystemRoot%\system32\cryptnet.dll -> Microsoft Corporation [Ver = 5.131.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 62464 bytes | Modified Date = 2007-02-18 10:05:24 | Attr = ]
cscdll -> %SystemRoot%\system32\cscdll.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 101888 bytes | Modified Date = 2007-02-18 10:05:24 | Attr = ]
dimsntfy -> %SystemRoot%\system32\dimsntfy.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 19456 bytes | Modified Date = 2007-02-18 10:05:26 | Attr = ]
EFS -> %SystemRoot%\system32\sclgntfy.dll -> Microsoft Corporation [Ver = 5.2.3790.0 (srv03_rtm.030324-2048) | Size = 19968 bytes | Modified Date = 2005-03-25 07:00:00 | Attr = ]
ScCertProp -> wlnotify.dll -> File not found
Schedule -> wlnotify.dll -> File not found
sclgntfy -> %SystemRoot%\system32\sclgntfy.dll -> Microsoft Corporation [Ver = 5.2.3790.0 (srv03_rtm.030324-2048) | Size = 19968 bytes | Modified Date = 2005-03-25 07:00:00 | Attr = ]
SensLogn -> WlNotify.dll -> File not found
termsrv -> -> File not found
wlballoon -> wlnotify.dll -> File not found
WRNotifier -> WRLogonNTF.dll -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\disableregistrytools -> 0 ->
< HOSTS File > (227804 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.msn.com/ ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central ->
HKEY_CURRENT_USER\: URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ieframe.dll [Microsoft Url Search Hook] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 6066176 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4237 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6311 domain(s) found. ->
objects_aol.com [*] -> Out of zone range - ( 5 ) ->
40 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 2006-12-18 03:16:42 | Attr = ]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ExPLabs.com\LinkScanner\LinkScannerIE.dll [XPL LinkScannerIE] -> Exploit Prevention Labs, Inc. [Ver = 2.6.6.90 | Size = 361752 bytes | Modified Date = 2007-08-20 23:00:03 | Attr = ]
{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\vol_toolbar\vol_toolbar.dll [Verizon Broadband Toolbar] -> Verizon Online. [Ver = 5.0.1.200 | Size = 1904128 bytes | Modified Date = 2007-05-25 08:15:48 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-01-28 11:43:28 | Attr = ]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4D5C8C25-D075-11d0-B416-00C04FB90376} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\shdocvw.dll [&Tip of the Day] -> Microsoft Corporation [Ver = 6.00.3790.4064 (srv03_sp2_gdr.070418-2348) | Size = 1508352 bytes | Modified Date = 2007-05-03 12:46:32 | Attr = ]
{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\shdocvw.dll [Real.com] -> Microsoft Corporation [Ver = 6.00.3790.4064 (srv03_sp2_gdr.070418-2348) | Size = 1508352 bytes | Modified Date = 2007-05-03 12:46:32 | Attr = ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\shdocvw.dll [Explorer Band] -> Microsoft Corporation [Ver = 6.00.3790.4064 (srv03_sp2_gdr.070418-2348) | Size = 1508352 bytes | Modified Date = 2007-05-03 12:46:32 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\vol_toolbar\vol_toolbar.dll [Verizon Broadband Toolbar] -> Verizon Online. [Ver = 5.0.1.200 | Size = 1904128 bytes | Modified Date = 2007-05-25 08:15:48 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\browseui.dll [&Address] -> Microsoft Corporation [Ver = 6.00.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 1033216 bytes | Modified Date = 2007-02-18 10:05:20 | Attr = ]
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\browseui.dll [&Address] -> Microsoft Corporation [Ver = 6.00.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 1033216 bytes | Modified Date = 2007-02-18 10:05:20 | Attr = ]
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\shell32.dll [&Links] -> Microsoft Corporation [Ver = 6.00.3790.4184 (srv03_sp2_gdr.071106-1258) | Size = 8360448 bytes | Modified Date = 2007-11-08 00:55:44 | Attr = ]
WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\vol_toolbar\vol_toolbar.dll [Verizon Broadband Toolbar] -> Verizon Online. [Ver = 5.0.1.200 | Size = 1904128 bytes | Modified Date = 2007-05-25 08:15:48 | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 2005-08-04 20:54:42 | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-01-28 11:43:28 | Attr = ]
CmdMapping: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr = ]
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3798EE93-C434-44F8-A172-20DE7E85C3FC} -> (1394 Net Adapter) ->
{83E5E45F-204D-454F-B158-18169371B471} -> () ->
{D0FC8148-9A52-45C0-8D22-8E3807D72798} -> (Wireless PCI Adapter) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 233472 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] -> %SystemRoot%\system32\winrnr.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 17408 bytes | Modified Date = 2007-02-18 10:05:58 | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 233472 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 233472 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 233472 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 233472 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 233472 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 233472 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
about:{3050F406-98B5-11CF-BB82-00AA00BDCE0B} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mshtml.dll[Microsoft HTML About Pluggable Protocol] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 3592192 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
cdl:{3dd53d40-7b8b-11D0-b013-00aa0059ce02} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[CDL: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\msvidctl.dll[DVD: Pluggable Protocol] -> Microsoft Corporation [Ver = 6.05.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 1563136 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ]
file:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[file:, local: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
ftp:{79eac9e3-baf9-11ce-8c82-00aa004ba90b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[ftp: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
gopher:{79eac9e4-baf9-11ce-8c82-00aa004ba90b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\urlmon.dll[gopher: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
http:{79eac9e2-baf9-11ce-8c82-00aa004ba90b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[http: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
https:{79eac9e5-baf9-11ce-8c82-00aa004ba90b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[https: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\itss.dll[Microsoft InfoTech Protocols for IE 4.0] -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 137216 bytes | Modified Date = 2007-02-18 10:05:32 | Attr = ]
javascript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mshtml.dll[Microsoft HTML Javascript Pluggable Protocol] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 3592192 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
local:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[file:, local: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
mailto:{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mshtml.dll[Microsoft HTML Mailto Pluggable Protocol] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 3592192 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
mhtml:{05300401-BCBC-11d0-85E3-00C04FD85AB4} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\inetcomm.dll[MHTML Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 6.00.3790.4133 (srv03_sp2_gdr.070816-0230) | Size = 694784 bytes | Modified Date = 2007-08-17 12:51:24 | Attr = ]
mk:{79eac9e6-baf9-11ce-8c82-00aa004ba90b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[mk: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
ms-its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\itss.dll[Microsoft InfoTech Protocols for IE 4.0] -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 137216 bytes | Modified Date = 2007-02-18 10:05:32 | Attr = ]
res:{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mshtml.dll[Microsoft HTML Resource Pluggable Protocol] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 3592192 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
sysimage:{76E67A63-06E9-11D2-A840-006008059382} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\mshtml.dll[Microsoft HTML Resource Pluggable Protocol] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 3592192 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\msvidctl.dll[TV: Pluggable Protocol] -> Microsoft Corporation [Ver = 6.05.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 1563136 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ]
vbscript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mshtml.dll[Microsoft HTML Javascript Pluggable Protocol] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 3592192 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
wia:{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\wiascr.dll[WiaProtocol Class] -> Microsoft Corporation [Ver = 5.2.3790.0 (srv03_rtm.030324-2048) | Size = 74240 bytes | Modified Date = 2005-03-25 07:00:00 | Attr = ]
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
application/octet-stream:{1E66F26B-79EE-11D2-8710-00C04F79ED0D}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mscoree.dll[Cor MIME Filter, CorFltr, CorFltr 1] -> Microsoft Corporation [Ver = 2.0.50727.832 (QFE.050727-8300) | Size = 271360 bytes | Modified Date = 2007-04-13 02:21:14 | Attr = ]
application/x-complus:{1E66F26B-79EE-11D2-8710-00C04F79ED0D}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mscoree.dll[Cor MIME Filter, CorFltr, CorFltr 1] -> Microsoft Corporation [Ver = 2.0.50727.832 (QFE.050727-8300) | Size = 271360 bytes | Modified Date = 2007-04-13 02:21:14 | Attr = ]
application/x-msdownload:{1E66F26B-79EE-11D2-8710-00C04F79ED0D}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mscoree.dll[Cor MIME Filter, CorFltr, CorFltr 1] -> Microsoft Corporation [Ver = 2.0.50727.832 (QFE.050727-8300) | Size = 271360 bytes | Modified Date = 2007-04-13 02:21:14 | Attr = ]
Class Install Handler:{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[AP Class Install Handler filter] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
deflate:{8f6b0360-b80d-11d0-a9b3-006097942311}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[AP encoding/decoding Filters] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
gzip:{8f6b0360-b80d-11d0-a9b3-006097942311}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[AP encoding/decoding Filters] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
lzdhtml:{8f6b0360-b80d-11d0-a9b3-006097942311}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[AP encoding/decoding Filters] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
text/webviewhtml:{733AC4CB-F1A4-11d0-B951-00A0C90312E1}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\shell32.dll[WebView MIME Filter] -> Microsoft Corporation [Ver = 6.00.3790.4184 (srv03_sp2_gdr.071106-1258) | Size = 8360448 bytes | Modified Date = 2007-11-08 00:55:44 | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{01113300-3E00-11D2-8470-0060089874ED}[HKEY_LOCAL_MACHINE] -> https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab[Reg Error: Key does not exist or could not be opened.] ->
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15031/CTSUEng.cab[Creative Software AutoUpdate] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] ->
{3BFFE033-BF43-11D5-A271-00A024A51325}[HKEY_LOCAL_MACHINE] -> https://dcwebmail1.epa.gov/iNotes6W.cab[Reg Error: Key does not exist or could not be opened.] ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab[McAfee.com Operating System Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39509.4966666667[Update Class] ->
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab[DwnldGroupMgr Class] ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] ->
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}[HKEY_LOCAL_MACHINE] -> http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab[PopCapLoader Object] ->
{F6ACF75C-C32C-447B-9BEF-46B766368D29}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15034/CTPID.cab[Creative Software AutoUpdate Support Package] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\\SuppressDuplicateDuration -> 86400 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 143360 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 350720 bytes | Modified Date = 2007-02-18 10:05:34 | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 143360 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.2.3790.4068 (srv03_sp2_gdr.070425-2330) | Size = 146944 bytes | Modified Date = 2007-04-25 13:45:30 | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 76288 bytes | Modified Date = 2007-02-18 10:06:04 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 444 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 188928 bytes | Modified Date = 2007-02-18 10:05:48 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 121856 bytes | Modified Date = 2007-02-18 10:05:44 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM&
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi BadlndsBob, could you attach the file, as it is large and there was a lot missing in your previous post? :)

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#14
BadlndsBob

BadlndsBob

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Sorry, I didn't realize.

Attached File: WinPFind35.Txt (183.3KB, 57 downloads)

Thanks again. I didn't know this kind of thing ever got this drawn out.
  • 0

#15
BadlndsBob

BadlndsBob

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Let me add this later version. In the first one, it was checked for files modified in the last 30 days, not 90. In this one, I checked files modified in the last 90 days (as well as files created in the last 90 days).

Attached File: WinPFind35.Txt (198.47KB, 58 downloads)
  • 0





