trojandownloader.xs [CLOSED]



#16
nikkiware

OTScanIt logfile created on: 3/31/2008 10:03:18 PM

OTScanIt by OldTimer - Version 1.0.8.0	 Folder = C:\Documents and Settings\Value User\Desktop\OTScanIt

Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2800.1106)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

125.52 Mb Total Physical Memory | 33.75 Mb Available Physical Memory | 26.89% Memory free

300.43 Mb Paging File | 92.72 Mb Available in Paging File | 30.86% Paging File free

Paging file location(s): C:\pagefile.sys 192 384;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 18.64 Gb Total Space | 16.54 Gb Free Space | 88.75% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: VALUE-X5GUHQA71

Current User Name: Value User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user



[Processes - Non-Microsoft Only]

aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:33 AM | Attr =	]

ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr =	]

cmdagent.exe -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 3/20/2008 11:11:02 PM | Attr =	]

ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:53 AM | Attr =	]

ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:01 AM | Attr =	]

soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.24 | Size = 65024 bytes | Modified Date = 2/9/2004 3:54:14 AM | Attr = R  ]

ybrwicon.exe -> %ProgramFiles%\Yahoo!\browser\ybrwicon.exe -> Yahoo!, Inc. [Ver = 2003, 12, 9, 1 | Size = 57344 bytes | Modified Date = 12/9/2003 2:02:04 PM | Attr =	]

cpf.exe -> %ProgramFiles%\Comodo\Firewall\cpf.exe -> COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 3/20/2008 11:11:02 PM | Attr =	]

ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 8:00:23 AM | Attr =	]

wkcalrem.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\wkcalrem.exe -> Microsoft® Corporation [Ver = 5.00.1928.1 | Size = 53317 bytes | Modified Date = 9/4/1999 5:23:00 PM | Attr =	]

ycommon.exe -> %ProgramFiles%\Yahoo!\browser\ycommon.exe -> Yahoo!, Inc. [Ver = 2005, 2, 23, 1 | Size = 229376 bytes | Modified Date = 3/31/2005 9:26:50 AM | Attr =	]

ypager.exe -> %ProgramFiles%\Yahoo!\Messenger\YPager.exe ->  [Ver =  | Size = 3092480 bytes | Modified Date = 8/15/2005 3:24:08 PM | Attr =	]

otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.8.0 | Size = 370176 bytes | Modified Date = 3/29/2008 5:10:10 PM | Attr =	]



[Win32 Services - Non-Microsoft Only]

(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:33 AM | Attr =	]

(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr =	]

(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:53 AM | Attr =	]

(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:01 AM | Attr =	]

(CmdAgent) Comodo Application Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 3/20/2008 11:11:02 PM | Attr =	]

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> VERITAS Software Corp. [Ver = 2195.6624.297.3 | Size = 147728 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr =	]



[Driver Services - Non-Microsoft Only]

(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\system32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Modified Date = 12/4/2007 9:49:02 AM | Attr =	]

(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 4/1/2002 1:15:00 PM | Attr =	]

(ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ALCXSENS.SYS -> Sensaura Ltd [Ver = 5.10.00.3511D | Size = 391424 bytes | Modified Date = 12/11/2003 10:54:14 AM | Attr = R  ]

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5490 | Size = 610988 bytes | Modified Date = 2/18/2004 10:51:08 AM | Attr = R  ]

(ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\asctrm.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1 | Size = 8552 bytes | Modified Date = 5/27/2004 3:39:30 PM | Attr =	]

(aswMon) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 93264 bytes | Modified Date = 12/4/2007 9:56:02 AM | Attr =	]

(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 12/4/2007 9:53:39 AM | Attr =	]

(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\system32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 12/4/2007 9:51:52 AM | Attr =	]

(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\VALUEU~1\LOCALS~1\Temp\catchme.sys -> File not found

(Cdr4_2K) Cdr4_2K [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdr4_2K.sys -> Roxio [Ver = 5.3.2.31 | Size = 58000 bytes | Modified Date = 3/13/2008 9:34:13 PM | Attr =	]

(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdralw2k.sys -> Roxio [Ver = 5.3.2.31 | Size = 23420 bytes | Modified Date = 3/13/2008 9:34:13 PM | Attr =	]

(CmdMon) Comodo Application Engine [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cmdmon.sys -> Comodo Research Lab., Inc. [Ver = 2.3.035 | Size = 76800 bytes | Modified Date = 3/20/2008 11:11:03 PM | Attr =	]

(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> VERITAS Software Corp. [Ver = 2195.6655.297.3 | Size = 369104 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr =	]

(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> VERITAS Software Corp. [Ver = 2195.6655.297.3 | Size = 137936 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr =	]

(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> VERITAS Software Corp. [Ver = 2195.6655.297.3 | Size = 7312 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr =	]

(EL90BC) 3Com EtherLink XL B/C Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\el90xbc5.sys -> 3Com Corporation [Ver = 1.56.50.0013 | Size = 61712 bytes | Modified Date = 10/23/1999 7:22:20 AM | Attr =	]

(FETNDISB) VIA Rhine Family Fast Ethernet Adapter Driver Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\fetnd5b.sys -> VIA Technologies, Inc.			   [Ver = 3.13.00.0348 | Size = 40960 bytes | Modified Date = 10/29/2002 1:20:30 AM | Attr = R  ]

(i81x) i81x [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\i81xnt5.sys -> Intel Corporation [Ver = 5.12.01.2641  | Size = 103104 bytes | Modified Date = 8/8/2000 6:18:36 PM | Attr =	]

(Inspect) Comodo Network Engine [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\inspect.sys -> COMODO [Ver = 2, 0, 0, 1 | Size = 51328 bytes | Modified Date = 3/20/2008 11:11:03 PM | Attr =	]

(Intels51) Intel(R) 536EP Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Intels51.sys -> Intel Corporation [Ver = 4.61 | Size = 670302 bytes | Modified Date = 5/22/2003 12:54:08 PM | Attr = R  ]

(MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.3.1.9 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2.3.1.9 | Size = 15781 bytes | Modified Date = 4/13/2004 7:20:08 PM | Attr = R  ]

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 | Size = 17680 bytes | Modified Date = 6/19/2003 2:05:04 PM | Attr =	]

(smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3508 | Size = 500568 bytes | Modified Date = 5/28/2002 2:18:46 PM | Attr =	]

(viagfx) viagfx [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\vtmini.sys -> Copyright (C) VIA/S3 Graphics, Inc. [Ver = 6.14.10.0099-16.94.36.11 | Size = 138752 bytes | Modified Date = 12/5/2003 7:22:54 AM | Attr = R  ]



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 8:00:23 AM | Attr =	]

COMODO Firewall Pro -> %ProgramFiles%\Comodo\Firewall\cpf.exe -> COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 3/20/2008 11:11:02 PM | Attr =	]

PRISMSVR.EXE -> %SystemRoot%\system32\PRISMSVR.EXE -> File not found

SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.24 | Size = 65024 bytes | Modified Date = 2/9/2004 3:54:14 AM | Attr = R  ]

VTTimer ->  -> File not found

YBrowser -> %ProgramFiles%\Yahoo!\browser\ybrwicon.exe -> Yahoo!, Inc. [Ver = 2003, 12, 9, 1 | Size = 57344 bytes | Modified Date = 12/9/2003 2:02:04 PM | Attr =	]

< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 

IMAIL-> Installed = 1 -> 

MAPI-> Installed = 1 -> 

MSFS-> Installed = 1 -> 

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YPager.exe ->  [Ver =  | Size = 3092480 bytes | Modified Date = 8/15/2005 3:24:08 PM | Attr =	]

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk -> %CommonProgramFiles%\Microsoft Shared\Works Shared\wkcalrem.exe -> Microsoft® Corporation [Ver = 5.00.1928.1 | Size = 53317 bytes | Modified Date = 9/4/1999 5:23:00 PM | Attr =	]

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 

< HOSTS File > (27 bytes) -> C:\WINNT\System32\drivers\etc\Hosts -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINNT\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://att.my.yahoo.com/ -> 

HKEY_CURRENT_USER\: SearchURL\\ -> http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com[yaho] -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 998 domain(s) found. -> 

objects_aol.com [*] -> Out of zone range - ( 5 ) -> 

www_msn.com [https] -> Trusted sites -> 

2 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 18 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 3, 0, 12 | Size = 744960 bytes | Modified Date = 5/12/2004 3:03:00 AM | Attr =	]

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\common\yiesrvc.dll [UberButton Class] -> Yahoo! [Ver = 2005, 5, 26, 1 | Size = 181352 bytes | Modified Date = 5/26/2005 11:39:14 AM | Attr =	]

{65D886A2-7CA7-479B-BB95-14D1EFB7946A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\common\YIeTagBm.dll [YahooTaggedBM Class] -> Yahoo! Inc. [Ver = 2005, 1, 24, 1 | Size = 115832 bytes | Modified Date = 1/24/2005 9:55:32 AM | Attr =	]

{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> Yahoo! Inc. [Ver = 2004, 8, 3, 1 | Size = 124032 bytes | Modified Date = 2/3/2005 5:07:08 PM | Attr =	]

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

{8E718888-423F-11D2-876E-00A0C9082467} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\msdxm.ocx [@msdxmLC.dll,[email protected],&Radio] ->  [Ver =  | Size = 844048 bytes | Modified Date = 9/17/2003 1:01:28 PM | Attr =	]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 1, 1 | Size = 342600 bytes | Modified Date = 8/1/2005 2:46:14 PM | Attr =	]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 1, 1 | Size = 342600 bytes | Modified Date = 8/1/2005 2:46:14 PM | Attr =	]

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\common\yiesrvc.dll [SBC Yahoo! Services] -> Yahoo! [Ver = 2005, 5, 26, 1 | Size = 181352 bytes | Modified Date = 5/26/2005 11:39:14 AM | Attr =	]

{c95fe080-8f5d-11d2-a20b-00aa003c157a}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@shdoclc.dll,-866] -> File not found

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\common\yiesrvc.dll [UberButton Class] -> Yahoo! [Ver = 2005, 5, 26, 1 | Size = 181352 bytes | Modified Date = 5/26/2005 11:39:14 AM | Attr =	]

CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} [HKEY_LOCAL_MACHINE] ->  [@shdoclc.dll,-866] -> File not found

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{2A0D3259-0588-4406-BBCA-249269BC9DDA} ->	(3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)) -> 

{B541F089-3292-4312-A288-7D3C4A1D6831} ->	(3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)) -> 

{E2D162EC-51D4-4DB1-A76B-BBA7AB4F4F8D} ->	(VIA Rhine II Fast Ethernet Adapter) -> 

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\msdxm.ocx[AsyncPProt Class] ->  [Ver =  | Size = 844048 bytes | Modified Date = 9/17/2003 1:01:28 PM | Attr =	]

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\common\yinsthelper.dll[YInstStarter Class] -> 

{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205461605373[WUWebControl Class] -> 

{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 

DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINNT\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 

Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINNT\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 

< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/danim.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/danim.dll\\.Owner -> {DC38CC30-4E3B-11d1-9071-0060081840BC} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/danim.dll\\{DC38CC30-4E3B-11d1-9071-0060081840BC} -> {DC38CC30-4E3B-11d1-9071-0060081840BC} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/ddrawex.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/ddrawex.dll\\.Owner -> {DC38CC30-4E3B-11d1-9071-0060081840BC} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/ddrawex.dll\\{DC38CC30-4E3B-11d1-9071-0060081840BC} -> {DC38CC30-4E3B-11d1-9071-0060081840BC} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/ddrawex.dll\\22d6f312-b0f6-11d0-94ab-0080c74c7e95 -> 22d6f312-b0f6-11d0-94ab-0080c74c7e95 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/iuctl.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/iuctl.dll\\.Owner -> Unknown Owner -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/iuengine.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/iuengine.dll\\.Owner -> Unknown Owner -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/quartz.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/quartz.dll\\.Owner -> {DC38CC30-4E3B-11d1-9071-0060081840BC} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/quartz.dll\\{DC38CC30-4E3B-11d1-9071-0060081840BC} -> {DC38CC30-4E3B-11d1-9071-0060081840BC} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/quartz.dll\\{4112DF42-0DCB-11d1-8177-00AA00576BAD} -> {4112DF42-0DCB-11d1-8177-00AA00576BAD} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/quartz.dll\\{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> {22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/wuweb.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/wuweb.dll\\.Owner -> {6414512B-B978-451D-A0D8-FCFDF33E833C} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} ->  -> 







[Files/Folders - Created Within 30 days]

Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 3/23/2008 1:17:30 AM | Attr =	]

QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 3/24/2008 4:37:11 PM | Attr =	]

SDFix -> %SystemDrive%\SDFix ->  [Folder | Created Date = 3/20/2008 9:16:37 PM | Attr =	]

_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Created Date = 3/23/2008 1:14:47 AM | Attr =	]

aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Created Date = 3/20/2008 11:21:36 PM | Attr =	]

aswmon.sys -> %SystemRoot%\System32\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 93264 bytes | Created Date = 3/20/2008 11:21:27 PM | Attr =	]

aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Created Date = 3/20/2008 11:21:27 PM | Attr =	]

aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Created Date = 3/20/2008 11:21:40 PM | Attr =	]

aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Created Date = 3/20/2008 11:21:39 PM | Attr =	]

cdr4_2K.sys -> %SystemRoot%\System32\drivers\cdr4_2K.sys -> Roxio [Ver = 5.3.2.31 | Size = 58000 bytes | Created Date = 3/13/2008 9:34:13 PM | Attr =	]

cdralw2k.sys -> %SystemRoot%\System32\drivers\cdralw2k.sys -> Roxio [Ver = 5.3.2.31 | Size = 23420 bytes | Created Date = 3/13/2008 9:34:13 PM | Attr =	]

cmdmon.sys -> %SystemRoot%\System32\drivers\cmdmon.sys -> Comodo Research Lab., Inc. [Ver = 2.3.035 | Size = 76800 bytes | Created Date = 3/20/2008 11:11:07 PM | Attr =	]

inspect.sys -> %SystemRoot%\System32\drivers\inspect.sys -> COMODO [Ver = 2, 0, 0, 1 | Size = 51328 bytes | Created Date = 3/20/2008 11:11:07 PM | Attr =	]

mdc8021x.sys -> %SystemRoot%\System32\drivers\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2.3.1.9 | Size = 15781 bytes | Created Date = 3/13/2008 8:18:23 PM | Attr = R  ]

actskin4.ocx -> %SystemRoot%\System32\actskin4.ocx ->  [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 3/20/2008 11:21:11 PM | Attr =	]

aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Created Date = 3/20/2008 11:21:11 PM | Attr =	]

AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 95608 bytes | Created Date = 3/20/2008 11:21:32 PM | Attr =	]

cdral.dll -> %SystemRoot%\System32\cdral.dll -> Roxio [Ver = 5.3.2.31 | Size = 45056 bytes | Created Date = 3/13/2008 9:34:13 PM | Attr =	]

cdrtc.dll -> %SystemRoot%\System32\cdrtc.dll -> Roxio [Ver = 5.3.2.31 | Size = 49152 bytes | Created Date = 3/13/2008 9:34:13 PM | Attr =	]

fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 3/24/2008 4:37:06 PM | Attr =	]

grep.exe -> %SystemRoot%\System32\grep.exe ->  [Ver =  | Size = 80412 bytes | Created Date = 3/24/2008 4:37:06 PM | Attr =	]

Perflib_Perfdata_200.dat -> %SystemRoot%\System32\Perflib_Perfdata_200.dat ->  [Ver =  | Size = 16384 bytes | Created Date = 3/31/2008 12:22:42 AM | Attr =	]

Perflib_Perfdata_204.dat -> %SystemRoot%\System32\Perflib_Perfdata_204.dat ->  [Ver =  | Size = 16384 bytes | Created Date = 3/31/2008 9:43:08 PM | Attr =	]

Perflib_Perfdata_568.dat -> %SystemRoot%\System32\Perflib_Perfdata_568.dat ->  [Ver =  | Size = 16384 bytes | Created Date = 3/31/2008 9:58:19 PM | Attr =	]

PRISME5.dll -> %SystemRoot%\System32\PRISME5.dll -> Meetinghouse Data Communications [Ver = 1, 8, 45, 1 | Size = 929792 bytes | Created Date = 3/13/2008 8:18:23 PM | Attr = R  ]

sed.exe -> %SystemRoot%\System32\sed.exe ->  [Ver =  | Size = 98816 bytes | Created Date = 3/24/2008 4:37:06 PM | Attr =	]

swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 3/20/2008 8:56:38 PM | Attr =	]

swsc.exe -> %SystemRoot%\System32\swsc.exe ->  [Ver =  | Size = 40960 bytes | Created Date = 3/20/2008 8:56:38 PM | Attr =	]

swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 3/20/2008 8:56:38 PM | Attr =	]

VFind.exe -> %SystemRoot%\System32\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 3/24/2008 4:37:06 PM | Attr =	]

YCRWin32.dll -> %SystemRoot%\System32\YCRWin32.dll ->  [Ver = 1, 0, 0, 1 | Size = 65536 bytes | Created Date = 3/13/2008 8:41:17 PM | Attr =	]

zip.exe -> %SystemRoot%\System32\zip.exe ->  [Ver =  | Size = 68096 bytes | Created Date = 3/24/2008 4:37:06 PM | Attr =	]

ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 3/23/2008 1:18:05 AM | Attr =	]

2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> 

ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Created Date = 3/20/2008 10:44:40 PM | Attr =	]

Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 3/24/2008 4:37:06 PM | Attr =	]

SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Created Date = 3/13/2008 9:26:52 PM | Attr =	]

uneng.exe -> %SystemRoot%\uneng.exe -> Roxio [Ver = 5.3.0.6 | Size = 57344 bytes | Created Date = 3/13/2008 9:34:13 PM | Attr =	]

WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Created Date = 3/13/2008 9:33:40 PM | Attr =	]

? -> %SystemRoot%\犐 ->  [Ver =  | Size = 0 bytes | Modified Date = 8/27/2005 3:12:36 PM | Attr =	]

? -> %SystemRoot%\뮘 ->  [Ver =  | Size = 0 bytes | Modified Date = 8/27/2005 3:34:10 PM | Attr =	]



[Files/Folders - Modified Within 30 days]

Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 3/23/2008 1:17:30 AM | Attr =	]

drivers -> %SystemDrive%\drivers ->  [Folder | Modified Date = 3/20/2008 8:56:15 PM | Attr =	]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 3/21/2008 9:48:54 PM | Attr = R  ]

QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 3/31/2008 12:05:49 AM | Attr =	]

SDFix -> %SystemDrive%\SDFix ->  [Folder | Modified Date = 3/21/2008 10:43:00 PM | Attr =	]

WINNT -> %SystemRoot% ->  [Folder | Modified Date = 3/31/2008 9:36:16 PM | Attr =	]

_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Modified Date = 3/23/2008 1:14:47 AM | Attr =	]

cdr4_2K.sys -> %SystemRoot%\System32\drivers\cdr4_2K.sys -> Roxio [Ver = 5.3.2.31 | Size = 58000 bytes | Modified Date = 3/13/2008 9:34:13 PM | Attr =	]

cdralw2k.sys -> %SystemRoot%\System32\drivers\cdralw2k.sys -> Roxio [Ver = 5.3.2.31 | Size = 23420 bytes | Modified Date = 3/13/2008 9:34:13 PM | Attr =	]

cmdmon.sys -> %SystemRoot%\System32\drivers\cmdmon.sys -> Comodo Research Lab., Inc. [Ver = 2.3.035 | Size = 76800 bytes | Modified Date = 3/20/2008 11:11:03 PM | Attr =	]

etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 3/31/2008 12:11:11 AM | Attr =	]

hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 27 bytes | Modified Date = 3/31/2008 12:11:11 AM | Attr =	]

inspect.sys -> %SystemRoot%\System32\drivers\inspect.sys -> COMODO [Ver = 2, 0, 0, 1 | Size = 51328 bytes | Modified Date = 3/20/2008 11:11:03 PM | Attr =	]

CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 3/23/2008 1:18:27 AM | Attr =	]

1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> 

cdral.dll -> %SystemRoot%\System32\cdral.dll -> Roxio [Ver = 5.3.2.31 | Size = 45056 bytes | Modified Date = 3/13/2008 9:34:13 PM | Attr =	]

cdrtc.dll -> %SystemRoot%\System32\cdrtc.dll -> Roxio [Ver = 5.3.2.31 | Size = 49152 bytes | Modified Date = 3/13/2008 9:34:13 PM | Attr =	]

config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 3/21/2008 9:01:20 AM | Attr =	]

CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT ->  [Ver =  | Size = 2626 bytes | Modified Date = 3/20/2008 11:21:36 PM | Attr =	]

dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 3/31/2008 9:40:25 PM | Attr = RHS]

drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 3/31/2008 12:16:55 AM | Attr =	]

NtmsData -> %SystemRoot%\System32\NtmsData ->  [Folder | Modified Date = 3/31/2008 6:43:42 PM | Attr =	]

Perflib_Perfdata_200.dat -> %SystemRoot%\System32\Perflib_Perfdata_200.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 3/31/2008 12:22:42 AM | Attr =	]

Perflib_Perfdata_204.dat -> %SystemRoot%\System32\Perflib_Perfdata_204.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 3/31/2008 9:43:08 PM | Attr =	]

Perflib_Perfdata_568.dat -> %SystemRoot%\System32\Perflib_Perfdata_568.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 3/31/2008 9:58:19 PM | Attr =	]

CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 3/21/2008 9:01:46 AM | Attr =  HS]

2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> 

Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 3/31/2008 9:44:05 PM | Attr =	]

disney.ini -> %SystemRoot%\disney.ini ->  [Ver =  | Size = 1406 bytes | Modified Date = 3/16/2008 9:18:24 PM | Attr =	]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 3/23/2008 1:18:31 AM | Attr =   S]

ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 3/24/2008 4:43:42 PM | Attr =	]

ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Modified Date = 3/20/2008 10:44:48 PM | Attr =	]

Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 3/13/2008 9:33:57 PM | Attr =	]

inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 3/16/2008 9:19:02 PM | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 3/21/2008 9:48:52 PM | Attr =  HS]

ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 985 bytes | Modified Date = 3/13/2008 9:00:06 PM | Attr =	]

RegisteredPackages -> %SystemRoot%\RegisteredPackages ->  [Folder | Modified Date = 3/13/2008 9:34:36 PM | Attr =	]

security -> %SystemRoot%\security ->  [Folder | Modified Date = 3/31/2008 9:41:38 PM | Attr =	]

ShellIconCache -> %SystemRoot%\ShellIconCache ->  [Ver =  | Size = 1284682 bytes | Modified Date = 3/27/2008 8:08:50 PM | Attr =  H ]

SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 3/13/2008 9:27:41 PM | Attr =	]

system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 3/31/2008 12:11:35 AM | Attr =	]

system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 3/31/2008 9:58:19 PM | Attr =	]

Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 3/31/2008 9:48:28 PM | Attr =	]

uneng.exe -> %SystemRoot%\uneng.exe -> Roxio [Ver = 5.3.0.6 | Size = 57344 bytes | Modified Date = 3/13/2008 9:34:13 PM | Attr =	]

Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 3/24/2008 4:39:29 PM | Attr =   S]

win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 810 bytes | Modified Date = 3/13/2008 9:34:04 PM | Attr =	]

WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Modified Date = 3/13/2008 9:33:40 PM | Attr =	]

? -> %SystemRoot%\犐 ->  [Ver =  | Size = 0 bytes | Modified Date = 8/27/2005 3:12:36 PM | Attr =	]

? -> %SystemRoot%\뮘 ->  [Ver =  | Size = 0 bytes | Modified Date = 8/27/2005 3:34:10 PM | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 3/24/2008 4:44:31 PM | Attr =  H ]

opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8412 bytes | Modified Date = 3/22/2008 11:26:35 AM | Attr =	]



< End of report >



#17
sage5


    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi nikkiware,


Run the Fix:
  • Open the OTScanIt folder on the Desktop
  • Run OTScanIt.exe.
  • Copy all the text in the Code box below, and Paste it into the pane under the GREEN bar, titled Paste fix here and then click the green Run Fix button.


    [Unregister Dlls]
    [Files/Folders - Created Within 30 days]
    NY -> fdsv.exe -> %SystemRoot%\System32\fdsv.exe
    NY -> grep.exe -> %SystemRoot%\System32\grep.exe
    NY -> Perflib_Perfdata_200.dat -> %SystemRoot%\System32\Perflib_Perfdata_200.dat
    NY -> Perflib_Perfdata_204.dat -> %SystemRoot%\System32\Perflib_Perfdata_204.dat
    NY -> Perflib_Perfdata_568.dat -> %SystemRoot%\System32\Perflib_Perfdata_568.dat
    NY -> sed.exe -> %SystemRoot%\System32\sed.exe
    NY -> zip.exe -> %SystemRoot%\System32\zip.exe
    NY -> Nircmd.exe -> %SystemRoot%\Nircmd.exe
    NY -> SoftwareDistribution -> %SystemRoot%\SoftwareDistribution
    NY -> WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx
    [Files/Folders - Modified Within 30 days]
    NY -> 1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp
    NY -> Perflib_Perfdata_200.dat -> %SystemRoot%\System32\Perflib_Perfdata_200.dat
    NY -> Perflib_Perfdata_204.dat -> %SystemRoot%\System32\Perflib_Perfdata_204.dat
    NY -> Perflib_Perfdata_568.dat -> %SystemRoot%\System32\Perflib_Perfdata_568.dat
    NY -> 2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp
    NY -> disney.ini -> %SystemRoot%\disney.ini
    NY -> WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx
    NY -> SA.DAT -> %SystemRoot%\tasks\SA.DAT
    [Extra Files]
    Purity
    [Empty Temp Folders]

  • The fix should only take a very short time.
  • When the fix is done, click the OK button in the message box.
  • Notepad will open with a log of actions taken during the fix.
    This file is saved in the Moved Files folder and is named in date_time format (mmddyyyy_hhmmss.log format, so e.g. 04012008_082852.log)
  • I need you to Post the text from that file back here.
I will review the information when it comes back in.


System File Checker:
  • Go to Start > Run and type sfc /scannow (Note the space between the c & the /)
  • /scannow starts the System File Checker immediately.
  • You will probably need your Windows 2K CD to be handy as it may be required.
  • Allow the scan to run and when complete reboot the system

Check to see if you are still getting the error; either copy down exactly what the error message is, or get a screenshot of the error window & upload the picture in your Reply.
See instructions Here


Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report

Cheers,

sage5

#18
sage5


    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.