Trojan_DNS changer and Trojan-downloader.popuper



#1
ash_9118
  • Member
  • 22 posts
I have Spyware Doctor and it keeps detecting Trojan DNS changer and Trojan-downloader.popuper. I remove them and then 10 mins later when I scan they show up again. In the global action list of Spyware Doctor both of the trojans are there and they are marked block.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:54 AM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\admin\Desktop\Ashwin\Other\HJ\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1201821736265
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4837 bytes

Hope you can help :)
Thanks for reading


#2
Tal
    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hello, ash_9118, welcome to GeeksToGo. I apologize for the delay; our helpers have been very busy.

My name is Tal, and I will be helping you in the process of removing malware from your computer.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • Please don't be afraid to ask questions! :) No question is considered dumb here. It's better to be safe than sorry!
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask! :)

You may also want to Track This Topic. This feature of the forum will send out an email to the email address you've signed up with as soon as I reply, so you can be notified of my reply. To do this, please locate the Options menu, located just under the New Topic and New Reply icons. Once you've found it, click it, and choose Track This Topic from the dropdown menu (the first option). In the page that appears after you have clicked Track This Topic, select Immediate Email Notification, then click Proceed.

Step 1 : Online Scan with Kaspersky

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now, under Select a target to scan, select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Step 2 : DSS

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Note: It's likely that the two logs won't fit into one post. If so, please post extra.txt in a separate post.

Summary

In your next reply, please include the following:
  • Kaspersky Log;
  • The two DSS logs.

Regards,

Tal :)

#3
ash_9118
  • Topic Starter
  • Member
  • 22 posts
Thank you very much for replying, Tal. I know the staff has been doing their best, so I was willing to wait.
Here is the log from the Kaspersky WebScanner:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 18, 2008 3:10:25 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/05/2008
Kaspersky Anti-Virus database records: 783219
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 88170
Number of viruses found: 3
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 01:20:07

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\Documents and Settings\admin\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 Object is locked skipped
C:\Documents and Settings\admin\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 Object is locked skipped
C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\xv0h2bgk.default\cert8.db Object is locked skipped
C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\xv0h2bgk.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\xv0h2bgk.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\xv0h2bgk.default\history.dat Object is locked skipped
C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\xv0h2bgk.default\key3.db Object is locked skipped
C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\xv0h2bgk.default\parent.lock Object is locked skipped
C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\xv0h2bgk.default\search.sqlite Object is locked skipped
C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\xv0h2bgk.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\xv0h2bgk.default\webappsstore.sqlite Object is locked skipped
C:\Documents and Settings\admin\Application Data\PCToolsFirewallPlus\FirewallGUI.txt Object is locked skipped
C:\Documents and Settings\admin\Application Data\PCToolsFirewallPlus\FWPlugin.txt Object is locked skipped
C:\Documents and Settings\admin\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\admin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\xv0h2bgk.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\xv0h2bgk.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\xv0h2bgk.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\xv0h2bgk.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\admin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Temp\~DF8825.tmp Object is locked skipped
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\admin\ntuser.dat Object is locked skipped
C:\Documents and Settings\admin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsrm.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\commonpriv.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\PC Tools Firewall Plus\FirewallWrapper.txt Object is locked skipped
C:\Program Files\PC Tools Firewall Plus\FWService.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{AECE2D8D-9B52-4C49-9513-A7A1864E1CD3}\RP177\A0210462.exe Infected: not-a-virus:AdTool.Win32.Zango.s skipped
C:\System Volume Information\_restore{AECE2D8D-9B52-4C49-9513-A7A1864E1CD3}\RP243\A0293483.exe/win32sys4bl.exe Infected: Backdoor.Win32.Bifrose.eep skipped
C:\System Volume Information\_restore{AECE2D8D-9B52-4C49-9513-A7A1864E1CD3}\RP243\A0293483.exe RAR: infected - 1 skipped
C:\System Volume Information\_restore{AECE2D8D-9B52-4C49-9513-A7A1864E1CD3}\RP281\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{AECE2D8D-9B52-4C49-9513-A7A1864E1CD3}\RP281\change.log Object is locked skipped

Scan process completed.

I will post the results from DSS in the next post.
Regards
ash_9118

#4
ash_9118
  • Topic Starter
  • Member
  • 22 posts
DSS only opened Main.txt, so here it is. I will try again and see if I get the next Notepad file.
DSS is done; here is the Main.txt Notepad file:
Deckard's System Scanner v20071014.68
Run by admin on 2008-05-18 15:12:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:00 PM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\calc.exe
C:\Documents and Settings\admin\Desktop\Ashwin\Other\dss.exe
C:\DOCUME~1\admin\Desktop\Ashwin\Other\HJ\admin.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1201821736265
O17 - HKLM\System\CCS\Services\Tcpip\..\{41769AAE-BC93-46B4-8744-8C5CA69F5DBF}: NameServer = 85.255.116.164 85.255.112.81
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5398 bytes

-- Files created between 2008-04-18 and 2008-05-18 -----------------------------

2008-05-18 13:28:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-18 13:28:01 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-18 13:27:59 0 d-------- C:\WINDOWS\LastGood
2008-05-17 16:28:12 0 d-------- C:\Program Files\ZD Soft
2008-05-17 16:25:33 0 d-------- C:\Program Files\Common Files\PC Tools
2008-05-16 18:40:12 0 d-------- C:\Documents and Settings\admin\.frugoo_file_store_32
2008-05-13 17:14:05 5242880 --a------ C:\Documents and Settings\admin\ntuser.dat
2008-05-12 20:32:05 0 dr-h----- C:\Documents and Settings\admin\Recent
2008-05-11 08:52:13 393216 --a------ C:\WINDOWS\system32\iMagicErrorLibrary.dll <Not Verified; iMagic; Innovasys vbCodeShield>
2008-05-11 08:52:12 161280 --a------ C:\WINDOWS\system32\TALBC.DLL
2008-05-11 08:52:12 163840 --a------ C:\WINDOWS\system32\FlicPlusSDK_Win32_API.dll
2008-05-11 08:52:11 0 d-------- C:\Program Files\iMagic Inventory
2008-05-09 13:11:32 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-08 17:10:18 0 d-------- C:\Program Files\Google
2008-05-07 16:50:58 0 d--h----- C:\$AVG8.VAULT$
2008-05-07 16:38:01 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-07 16:38:01 0 d-------- C:\Documents and Settings\admin\Application Data\AVGTOOLBAR
2008-05-07 16:37:53 0 d-------- C:\Program Files\AVG
2008-05-07 16:37:53 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-07 16:21:08 0 d-------- C:\Program Files\Spyware Doctor
2008-05-07 16:21:08 0 d-------- C:\Documents and Settings\admin\Application Data\PC Tools
2008-05-06 21:40:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-05-06 18:35:35 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-05-04 22:15:00 225 --a------ C:\WINDOWS\fastaero_config
2008-05-04 22:14:19 781824 --a------ C:\WINDOWS\FastAeroConfig.exe <Not Verified; ; FastAero Setting>
2008-05-03 16:43:14 0 d-------- C:\Documents and Settings\admin\Application Data\Help
2008-05-02 23:53:30 0 d--h----- C:\Documents and Settings\admin\Recent(2)
2008-05-02 21:04:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-02 18:46:33 0 d-------- C:\Program Files\HyCam2
2008-05-02 18:43:25 2048 --a------ C:\WINDOWS\system32\Tr_sttool.dat
2008-05-02 18:43:24 0 d-------- C:\Program Files\Bulent's Screen Recorder 4
2008-05-02 14:58:41 0 d-------- C:\Documents and Settings\admin\dwhelper
2008-05-02 13:44:10 233472 -----n--- C:\WINDOWS\system32\wpcap.dll <Not Verified; CACE Technologies; WinPcap high level library>
2008-05-02 13:44:10 61440 -----n--- C:\WINDOWS\system32\WanPacket.dll <Not Verified; CACE Technologies; WinPcap low level NetMon wrapper library>
2008-05-02 13:44:10 81920 -----n--- C:\WINDOWS\system32\Packet.dll <Not Verified; CACE Technologies; WinPcap low level packet library>
2008-05-02 13:44:10 32512 -----n--- C:\WINDOWS\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
2008-05-01 16:09:35 0 d-------- C:\Program Files\iTunes
2008-05-01 15:46:27 0 d-------- C:\Documents and Settings\admin\Application Data\DivX
2008-05-01 13:36:15 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-25 19:20:18 0 d-------- C:\Program Files\SonicWallES
2008-04-25 14:16:51 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-04-22 18:08:14 0 d-------- C:\Program Files\BitDefender
2008-04-22 18:07:00 0 d-------- C:\Program Files\Common Files\BitDefender
2008-04-22 18:05:59 0 d-------- C:\kav
2008-04-22 13:07:07 0 d-------- C:\Documents and Settings\admin\Application Data\CDBurnerXP_Soft
2008-04-22 13:06:44 0 d-------- C:\Program Files\CDBurnerXP
2008-04-20 15:49:49 32377 --a------ C:\WINDOWS\system32\drivers\prodigy.sys <Not Verified; B-phreaks; >
2008-04-20 13:59:11 0 d-------- C:\Documents and Settings\admin\Application Data\utorrent
2008-04-19 23:27:46 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-04-19 23:10:23 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-19 23:10:09 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-19 23:09:59 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-04-18 20:59:11 0 d-------- C:\Documents and Settings\admin\Application Data\PowerChallenge


-- Find3M Report ---------------------------------------------------------------

2008-05-18 10:01:07 0 d-------- C:\Documents and Settings\admin\Application Data\FileZilla
2008-05-17 16:32:29 0 d-------- C:\Program Files\PC Tools Firewall Plus
2008-05-17 15:58:15 0 d-------- C:\Program Files\Common Files
2008-05-17 15:51:43 0 d-------- C:\Documents and Settings\admin\Application Data\Mozilla
2008-05-09 01:35:03 0 d-------- C:\Program Files\Safari
2008-05-04 16:03:46 0 d-------- C:\Program Files\DivX
2008-05-04 15:43:48 685775 --a------ C:\Documents and Settings\admin\Application Data\NMM-MetaData.db
2008-05-04 15:35:34 0 d-------- C:\Program Files\LimeWire
2008-05-02 14:46:40 0 d-------- C:\Program Files\QuickTime
2008-05-01 19:30:36 0 d-------- C:\Program Files\Apple Software Update
2008-05-01 16:09:42 0 d-------- C:\Program Files\iPod
2008-04-19 23:27:47 0 d-------- C:\Program Files\Common Files\Scanner
2008-04-15 19:26:18 0 d-------- C:\Documents and Settings\admin\Application Data\LimeWire
2008-04-14 14:41:34 50880 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-13 15:17:24 0 d-------- C:\Program Files\MSECache
2008-04-12 22:03:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-11 21:32:47 0 d-------- C:\Program Files\Wisdom-soft MotionStudio
2008-04-09 20:15:32 0 d-------- C:\Program Files\Java
2008-04-08 22:44:57 0 d-------- C:\Program Files\Adobe CS3
2008-04-07 17:23:51 0 d-------- C:\Documents and Settings\admin\Application Data\NCH Swift Sound
2008-04-06 15:33:20 0 d-------- C:\Documents and Settings\admin\Application Data\Microsoft Games
2008-04-06 14:57:56 0 d-------- C:\Program Files\uTorrent
2008-04-05 16:21:06 0 d-------- C:\Program Files\Yahoo!
2008-04-05 14:52:20 0 d-------- C:\Program Files\Messenger Plus! Live
2008-04-05 14:52:19 0 d-------- C:\Program Files\MSN Messenger
2008-04-05 14:43:03 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-05 14:16:57 0 d-------- C:\Program Files\Windows Live
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-30 21:06:03 0 d-------- C:\Documents and Settings\admin\Application Data\Nokia Multimedia Player
2008-03-24 18:22:15 0 d-------- C:\Documents and Settings\admin\Application Data\Ulead Systems
2008-03-24 18:18:07 0 d-------- C:\Program Files\Common Files\SONY Digital Images
2008-03-24 18:18:04 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-03-24 18:16:16 0 d-------- C:\Program Files\SmartSound Software
2008-03-24 18:14:44 0 d-------- C:\Program Files\Windows Media Components
2008-03-24 18:11:00 0 d-------- C:\Program Files\Ulead Systems
2008-03-22 22:09:19 0 d-------- C:\Documents and Settings\admin\Application Data\Adobe
2008-03-22 22:09:13 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-22 21:52:48 0 d-------- C:\Documents and Settings\admin\Application Data\dvdcss
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 19:14:25 0 d-------- C:\Documents and Settings\admin\Application Data\Uniblue
2008-03-18 17:24:32 0 d-------- C:\Program Files\Alwil Software
2008-03-12 10:00:31 2578 --a------ C:\WINDOWS\mozver.dat
2008-02-27 16:52:31 49152 --a------ C:\WINDOWS\system32\ArmAccess.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/11/2008 12:29 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/11/2008 12:29 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [04/12/2008 01:06 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/07/2008 04:37 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^F-Secure Automatic Update.lnk]
backup=C:\WINDOWS\pss\F-Secure Automatic Update.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
"C:\Program Files\Spyware Doctor\pctsTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
"C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
VTtrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"




-- End of Deckard's System Scanner: finished at 2008-05-18 15:14:06 ------------

Edited by ash_9118, 18 May 2008 - 01:23 PM.

  • 0

#5
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hi ash,

Your computer appears to be clean from malware :) I see only one bad file.

Please download the OTMoveIt2 by OldTimer. Please note: If you already have OTMoveIt on your system, please replace it with this newer version.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\popcaploader.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Include the OTMoveIt log and the DSS main.txt log in your next reply.
  • 0

#6
ash_9118

    Member

  • Topic Starter
  • Member
  • 22 posts
I try my best to keep my PC clean, but somehow these two viruses came. It seemed like Move it didn't seem to find the popcaploader.dll. So I found it manually; here is the location. Please tell me what to do, because I don't want to delete it without consulting an expert first: C:\Deckard\System Scanner\20080518151250\backup\WINDOWS\Downloaded Program Files.
Here is the move it log:

File/Folder C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\popcaploader.dll not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05182008_214706

Here is the DSS main.txt log:
Deckard's System Scanner v20071014.68
Run by admin on 2008-05-18 22:28:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:33 PM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\admin\Desktop\Ashwin\Back Ups\USB backup\QHW\qhw.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\admin\Desktop\Ashwin\Other\dss.exe
C:\DOCUME~1\admin\Desktop\Ashwin\Other\HJ\admin.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1201821736265
O17 - HKLM\System\CCS\Services\Tcpip\..\{41769AAE-BC93-46B4-8744-8C5CA69F5DBF}: NameServer = 85.255.116.164 85.255.112.81
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5535 bytes

-- Files created between 2008-04-18 and 2008-05-18 -----------------------------

2008-05-18 13:28:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-18 13:28:01 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-17 16:28:12 0 d-------- C:\Program Files\ZD Soft
2008-05-17 16:25:33 0 d-------- C:\Program Files\Common Files\PC Tools
2008-05-16 18:40:12 0 d-------- C:\Documents and Settings\admin\.frugoo_file_store_32
2008-05-13 17:14:05 5242880 --a------ C:\Documents and Settings\admin\ntuser.dat
2008-05-12 20:32:05 0 dr-h----- C:\Documents and Settings\admin\Recent
2008-05-11 08:52:13 393216 --a------ C:\WINDOWS\system32\iMagicErrorLibrary.dll <Not Verified; iMagic; Innovasys vbCodeShield>
2008-05-11 08:52:12 161280 --a------ C:\WINDOWS\system32\TALBC.DLL
2008-05-11 08:52:12 163840 --a------ C:\WINDOWS\system32\FlicPlusSDK_Win32_API.dll
2008-05-11 08:52:11 0 d-------- C:\Program Files\iMagic Inventory
2008-05-09 13:11:32 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-08 17:10:18 0 d-------- C:\Program Files\Google
2008-05-07 16:50:58 0 d--h----- C:\$AVG8.VAULT$
2008-05-07 16:38:01 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-07 16:38:01 0 d-------- C:\Documents and Settings\admin\Application Data\AVGTOOLBAR
2008-05-07 16:37:53 0 d-------- C:\Program Files\AVG
2008-05-07 16:37:53 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-07 16:21:08 0 d-------- C:\Program Files\Spyware Doctor
2008-05-07 16:21:08 0 d-------- C:\Documents and Settings\admin\Application Data\PC Tools
2008-05-06 21:40:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-05-06 18:35:35 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-05-04 22:15:00 225 --a------ C:\WINDOWS\fastaero_config
2008-05-04 22:14:19 781824 --a------ C:\WINDOWS\FastAeroConfig.exe <Not Verified; ; FastAero Setting>
2008-05-03 16:43:14 0 d-------- C:\Documents and Settings\admin\Application Data\Help
2008-05-02 23:53:30 0 d--h----- C:\Documents and Settings\admin\Recent(2)
2008-05-02 21:04:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-02 18:46:33 0 d-------- C:\Program Files\HyCam2
2008-05-02 18:43:25 2048 --a------ C:\WINDOWS\system32\Tr_sttool.dat
2008-05-02 18:43:24 0 d-------- C:\Program Files\Bulent's Screen Recorder 4
2008-05-02 14:58:41 0 d-------- C:\Documents and Settings\admin\dwhelper
2008-05-02 13:44:10 233472 -----n--- C:\WINDOWS\system32\wpcap.dll <Not Verified; CACE Technologies; WinPcap high level library>
2008-05-02 13:44:10 61440 -----n--- C:\WINDOWS\system32\WanPacket.dll <Not Verified; CACE Technologies; WinPcap low level NetMon wrapper library>
2008-05-02 13:44:10 81920 -----n--- C:\WINDOWS\system32\Packet.dll <Not Verified; CACE Technologies; WinPcap low level packet library>
2008-05-02 13:44:10 32512 -----n--- C:\WINDOWS\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
2008-05-01 16:09:35 0 d-------- C:\Program Files\iTunes
2008-05-01 15:46:27 0 d-------- C:\Documents and Settings\admin\Application Data\DivX
2008-05-01 13:36:15 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-25 19:20:18 0 d-------- C:\Program Files\SonicWallES
2008-04-25 14:16:51 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-04-22 18:08:14 0 d-------- C:\Program Files\BitDefender
2008-04-22 18:07:00 0 d-------- C:\Program Files\Common Files\BitDefender
2008-04-22 18:05:59 0 d-------- C:\kav
2008-04-22 13:07:07 0 d-------- C:\Documents and Settings\admin\Application Data\CDBurnerXP_Soft
2008-04-22 13:06:44 0 d-------- C:\Program Files\CDBurnerXP
2008-04-20 15:49:49 32377 --a------ C:\WINDOWS\system32\drivers\prodigy.sys <Not Verified; B-phreaks; >
2008-04-20 13:59:11 0 d-------- C:\Documents and Settings\admin\Application Data\utorrent
2008-04-19 23:27:46 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-04-19 23:10:23 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-19 23:10:09 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-19 23:09:59 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-04-18 20:59:11 0 d-------- C:\Documents and Settings\admin\Application Data\PowerChallenge


-- Find3M Report ---------------------------------------------------------------

2008-05-18 10:01:07 0 d-------- C:\Documents and Settings\admin\Application Data\FileZilla
2008-05-17 16:32:29 0 d-------- C:\Program Files\PC Tools Firewall Plus
2008-05-17 15:58:15 0 d-------- C:\Program Files\Common Files
2008-05-17 15:51:43 0 d-------- C:\Documents and Settings\admin\Application Data\Mozilla
2008-05-09 01:35:03 0 d-------- C:\Program Files\Safari
2008-05-04 16:03:46 0 d-------- C:\Program Files\DivX
2008-05-04 15:43:48 685775 --a------ C:\Documents and Settings\admin\Application Data\NMM-MetaData.db
2008-05-04 15:35:34 0 d-------- C:\Program Files\LimeWire
2008-05-02 14:46:40 0 d-------- C:\Program Files\QuickTime
2008-05-01 19:30:36 0 d-------- C:\Program Files\Apple Software Update
2008-05-01 16:09:42 0 d-------- C:\Program Files\iPod
2008-04-19 23:27:47 0 d-------- C:\Program Files\Common Files\Scanner
2008-04-15 19:26:18 0 d-------- C:\Documents and Settings\admin\Application Data\LimeWire
2008-04-14 14:41:34 50880 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-13 15:17:24 0 d-------- C:\Program Files\MSECache
2008-04-12 22:03:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-11 21:32:47 0 d-------- C:\Program Files\Wisdom-soft MotionStudio
2008-04-09 20:15:32 0 d-------- C:\Program Files\Java
2008-04-08 22:44:57 0 d-------- C:\Program Files\Adobe CS3
2008-04-07 17:23:51 0 d-------- C:\Documents and Settings\admin\Application Data\NCH Swift Sound
2008-04-06 15:33:20 0 d-------- C:\Documents and Settings\admin\Application Data\Microsoft Games
2008-04-06 14:57:56 0 d-------- C:\Program Files\uTorrent
2008-04-05 16:21:06 0 d-------- C:\Program Files\Yahoo!
2008-04-05 14:52:20 0 d-------- C:\Program Files\Messenger Plus! Live
2008-04-05 14:52:19 0 d-------- C:\Program Files\MSN Messenger
2008-04-05 14:43:03 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-05 14:16:57 0 d-------- C:\Program Files\Windows Live
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-30 21:06:03 0 d-------- C:\Documents and Settings\admin\Application Data\Nokia Multimedia Player
2008-03-24 18:22:15 0 d-------- C:\Documents and Settings\admin\Application Data\Ulead Systems
2008-03-24 18:18:07 0 d-------- C:\Program Files\Common Files\SONY Digital Images
2008-03-24 18:18:04 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-03-24 18:16:16 0 d-------- C:\Program Files\SmartSound Software
2008-03-24 18:14:44 0 d-------- C:\Program Files\Windows Media Components
2008-03-24 18:11:00 0 d-------- C:\Program Files\Ulead Systems
2008-03-22 22:09:19 0 d-------- C:\Documents and Settings\admin\Application Data\Adobe
2008-03-22 22:09:13 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-22 21:52:48 0 d-------- C:\Documents and Settings\admin\Application Data\dvdcss
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 19:14:25 0 d-------- C:\Documents and Settings\admin\Application Data\Uniblue
2008-03-18 17:24:32 0 d-------- C:\Program Files\Alwil Software
2008-03-12 10:00:31 2578 --a------ C:\WINDOWS\mozver.dat
2008-02-27 16:52:31 49152 --a------ C:\WINDOWS\system32\ArmAccess.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/11/2008 12:29 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/11/2008 12:29 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [04/12/2008 01:06 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/07/2008 04:37 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^F-Secure Automatic Update.lnk]
backup=C:\WINDOWS\pss\F-Secure Automatic Update.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
"C:\Program Files\Spyware Doctor\pctsTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
"C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
VTtrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"




-- End of Deckard's System Scanner: finished at 2008-05-18 22:29:22 ------------

Edited by ash_9118, 18 May 2008 - 09:02 PM.

  • 0

#7
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Yup, you can delete it. I'm not sure about Spyware Doctor. Probably a false positive, I don't see anything there. Can you point out any specific issues with the PC?

Tal
  • 0

#8
ash_9118

    Member

  • Topic Starter
  • Member
  • 22 posts
Here it is: when I try to connect to the internet I get this message: "TCP/IP CP error 5: Access is denied". That is the message I get when I try to connect to the internet.

Then a pop-up from Spyware Doctor comes up saying this:

Spyware Doctor has blocked an application svchost.exe from attempting to write to the registry
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\INTERFACES\{933C50AE-66DE-49-36-9FA2-63FD9136E8A9},NAMESREVER ="86.255.114.54.85.255"
Threat: Trojan-Downloader.Popuper
Risk: High

If I disable OnGuard and connect to the internet, it connects fine.

Edited by ash_9118, 19 May 2008 - 03:02 PM.

  • 0

#9
ash_9118

    Member

  • Topic Starter
  • Member
  • 22 posts
Hey, I fixed my problem; Spyware Doctor doesn't give me the problem anymore. You know the IP name it gives from Spyware Doctor when I try to connect to the internet? Well, when I was looking in the HijackThis log I found it over there, so I selected it and fix-checked it. I took a backup just in case. UNFORTUNATELY AFTER TWO REBOOTS THE PROBLEM COMES BACK AGAIN!!!!!!!!! Do you want another log of my comp to see if there is anything wrong?

Edited by ash_9118, 20 May 2008 - 07:53 PM.

  • 0

#10
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
I have no idea how I missed that entry :) :) :) That's Wareout, you won't be able to fix it on your own. For future reference, don't fix any entries on your own. They can appear to be bad, but unlike this time you can 'fix' something necessary for the system.

Please download FixWareout from here:
http://downloads.sub.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads please post the text that will open (report.txt) and a new DSS log.
  • 0
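The thread turns on a single HijackThis line, the O17 NameServer entry, which was overlooked in the first review and came back after being fixed by hand. As an added example (not part of the thread, and not code from HijackThis or FixWareout), the Python below extracts O17 NameServer values from a series of logs, flags any that are malformed or outside a resolver allow-list, and reports the ones that persist across logs; the allow-list, the second O17 line in the first sample and all function names are constructed assumptions.

```python
import ipaddress
import re

# Matches HijackThis O17 lines such as:
# O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = 1.2.3.4 5.6.7.8
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<data>.*)$")


def parse_nameservers(log_text):
    """Return [(registry_key, server_string), ...] for every O17 NameServer value."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or m.group("name").lower() != "nameserver":
            continue
        # HijackThis prints the raw registry string; servers may be
        # separated by spaces or commas.
        for server in re.split(r"[,\s]+", m.group("data").strip()):
            if server:
                entries.append((m.group("key"), server))
    return entries


def audit(log_text, expected_networks):
    """Flag NameServer values that are malformed or outside the expected resolvers."""
    allowed = [ipaddress.ip_network(n) for n in expected_networks]
    findings = []
    for key, server in parse_nameservers(log_text):
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            findings.append({"key": key, "server": server, "reason": "malformed"})
            continue
        if not any(addr in net for net in allowed):
            findings.append({"key": key, "server": server, "reason": "unexpected"})
    return findings


def persistent_servers(logs, expected_networks):
    """Servers flagged in every log of a series, i.e. ones that survived cleanup."""
    flagged = [{f["server"] for f in audit(text, expected_networks)} for text in logs]
    return set.intersection(*flagged) if flagged else set()


# Assumption: the resolver this machine is supposed to use (constructed value).
EXPECTED = ["192.168.1.1/32"]

# First O17 line is copied from the 5/18 log in the thread; the second is constructed.
LOG_0518 = r"""
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\..\{41769AAE-BC93-46B4-8744-8C5CA69F5DBF}: NameServer = 85.255.116.164 85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: avgrsstx.dll
"""

# O17 line copied from the 5/21 log in the thread.
LOG_0521 = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{41769AAE-BC93-46B4-8744-8C5CA69F5DBF}: NameServer = 85.255.116.164 85.255.112.81
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1}
"""

if __name__ == "__main__":
    for finding in audit(LOG_0518, EXPECTED):
        print(finding["reason"], finding["server"], finding["key"])
    print("persistent:", sorted(persistent_servers([LOG_0518, LOG_0521], EXPECTED)))
```

Running the audit on every log in a cleanup series, rather than once, is what shows whether a removed entry has been rewritten after a reboot.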



#11
ash_9118

    Member

  • Topic Starter
  • Member
  • 22 posts
The Fix things log:
Username "admin" - 05/21/2008 16:41:13 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"
"ISTray"="\"C:\\Program Files\\Spyware Doctor\\pctsTray.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"00PCTFW"="\"C:\\Program Files\\PC Tools Firewall Plus\\FirewallGUI.exe\" -s"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


The DSS log:

Deckard's System Scanner v20071014.68
Run by admin on 2008-05-21 16:59:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:05 PM, on 5/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\admin\Desktop\Ashwin\Back Ups\USB backup\QHW\qhw.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Documents and Settings\admin\Desktop\Ashwin\Other\dss.exe
C:\DOCUME~1\admin\Desktop\Ashwin\Other\HJ\admin.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1201821736265
O17 - HKLM\System\CCS\Services\Tcpip\..\{41769AAE-BC93-46B4-8744-8C5CA69F5DBF}: NameServer = 85.255.116.164 85.255.112.81
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5620 bytes

-- Files created between 2008-04-21 and 2008-05-21 -----------------------------

2008-05-20 19:00:09 93440 --a------ C:\WINDOWS\system32\drivers\pctfw.sys <Not Verified; PC Tools; PC Tools NDIS Driver>
2008-05-20 19:00:08 0 d-------- C:\Program Files\Common Files\PC Tools
2008-05-20 18:06:32 0 d-------- C:\Program Files\Common Files\L&H
2008-05-20 01:36:14 0 d-------- C:\Documents and Settings\admin\Application Data\Yahoo! Messenger
2008-05-19 17:50:43 0 d-------- C:\Program Files\Siber Systems
2008-05-18 13:28:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-18 13:28:01 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-17 16:28:12 0 d-------- C:\Program Files\ZD Soft
2008-05-13 17:14:05 5505024 --a------ C:\Documents and Settings\admin\ntuser.dat
2008-05-12 20:32:05 0 dr-h----- C:\Documents and Settings\admin\Recent
2008-05-11 08:52:13 393216 --a------ C:\WINDOWS\system32\iMagicErrorLibrary.dll <Not Verified; iMagic; Innovasys vbCodeShield>
2008-05-11 08:52:12 161280 --a------ C:\WINDOWS\system32\TALBC.DLL
2008-05-11 08:52:12 163840 --a------ C:\WINDOWS\system32\FlicPlusSDK_Win32_API.dll
2008-05-11 08:52:11 0 d-------- C:\Program Files\iMagic Inventory
2008-05-09 13:11:32 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-08 17:10:18 0 d-------- C:\Program Files\Google
2008-05-07 16:50:58 0 d--h----- C:\$AVG8.VAULT$
2008-05-07 16:38:01 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-07 16:38:01 0 d-------- C:\Documents and Settings\admin\Application Data\AVGTOOLBAR
2008-05-07 16:37:53 0 d-------- C:\Program Files\AVG
2008-05-07 16:37:53 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-07 16:21:08 0 d-------- C:\Program Files\Spyware Doctor
2008-05-07 16:21:08 0 d-------- C:\Documents and Settings\admin\Application Data\PC Tools
2008-05-06 21:40:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-05-06 18:35:35 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-05-04 22:15:00 225 --a------ C:\WINDOWS\fastaero_config
2008-05-04 22:14:19 781824 --a------ C:\WINDOWS\FastAeroConfig.exe <Not Verified; ; FastAero Setting>
2008-05-03 16:43:14 0 d-------- C:\Documents and Settings\admin\Application Data\Help
2008-05-02 23:53:30 0 d--h----- C:\Documents and Settings\admin\Recent(2)
2008-05-02 21:04:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-02 18:46:33 0 d-------- C:\Program Files\HyCam2
2008-05-02 18:43:25 2048 --a------ C:\WINDOWS\system32\Tr_sttool.dat
2008-05-02 18:43:24 0 d-------- C:\Program Files\Bulent's Screen Recorder 4
2008-05-02 14:58:41 0 d-------- C:\Documents and Settings\admin\dwhelper
2008-05-02 13:44:10 233472 -----n--- C:\WINDOWS\system32\wpcap.dll <Not Verified; CACE Technologies; WinPcap high level library>
2008-05-02 13:44:10 61440 -----n--- C:\WINDOWS\system32\WanPacket.dll <Not Verified; CACE Technologies; WinPcap low level NetMon wrapper library>
2008-05-02 13:44:10 81920 -----n--- C:\WINDOWS\system32\Packet.dll <Not Verified; CACE Technologies; WinPcap low level packet library>
2008-05-02 13:44:10 32512 -----n--- C:\WINDOWS\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
2008-05-01 16:09:35 0 d-------- C:\Program Files\iTunes
2008-05-01 15:46:27 0 d-------- C:\Documents and Settings\admin\Application Data\DivX
2008-05-01 13:36:15 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-25 19:20:18 0 d-------- C:\Program Files\SonicWallES
2008-04-25 14:16:51 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-04-22 18:08:14 0 d-------- C:\Program Files\BitDefender
2008-04-22 18:07:00 0 d-------- C:\Program Files\Common Files\BitDefender
2008-04-22 18:05:59 0 d-------- C:\kav
2008-04-22 13:07:07 0 d-------- C:\Documents and Settings\admin\Application Data\CDBurnerXP_Soft
2008-04-22 13:06:44 0 d-------- C:\Program Files\CDBurnerXP


-- Find3M Report ---------------------------------------------------------------

2008-05-20 19:04:31 0 d-------- C:\Program Files\PC Tools Firewall Plus
2008-05-20 19:00:08 0 d-------- C:\Program Files\Common Files
2008-05-20 18:02:12 0 d-------- C:\Documents and Settings\admin\Application Data\utorrent
2008-05-20 17:52:03 0 d-------- C:\Program Files\LimeWire
2008-05-20 17:44:42 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-18 10:01:07 0 d-------- C:\Documents and Settings\admin\Application Data\FileZilla
2008-05-17 15:51:43 0 d-------- C:\Documents and Settings\admin\Application Data\Mozilla
2008-05-09 01:35:03 0 d-------- C:\Program Files\Safari
2008-05-04 16:03:46 0 d-------- C:\Program Files\DivX
2008-05-04 15:43:48 685775 --a------ C:\Documents and Settings\admin\Application Data\NMM-MetaData.db
2008-05-02 14:46:40 0 d-------- C:\Program Files\QuickTime
2008-05-01 19:30:36 0 d-------- C:\Program Files\Apple Software Update
2008-05-01 16:09:42 0 d-------- C:\Program Files\iPod
2008-04-20 13:56:20 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-04-19 23:27:47 0 d-------- C:\Program Files\Common Files\Scanner
2008-04-18 21:20:00 0 d-------- C:\Documents and Settings\admin\Application Data\PowerChallenge
2008-04-15 19:26:18 0 d-------- C:\Documents and Settings\admin\Application Data\LimeWire
2008-04-14 14:41:34 50880 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-13 15:17:24 0 d-------- C:\Program Files\MSECache
2008-04-12 22:03:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-11 21:32:47 0 d-------- C:\Program Files\Wisdom-soft MotionStudio
2008-04-09 20:15:32 0 d-------- C:\Program Files\Java
2008-04-08 22:44:57 0 d-------- C:\Program Files\Adobe CS3
2008-04-07 17:23:51 0 d-------- C:\Documents and Settings\admin\Application Data\NCH Swift Sound
2008-04-06 15:33:20 0 d-------- C:\Documents and Settings\admin\Application Data\Microsoft Games
2008-04-06 14:57:56 0 d-------- C:\Program Files\uTorrent
2008-04-05 16:21:06 0 d-------- C:\Program Files\Yahoo!
2008-04-05 14:52:20 0 d-------- C:\Program Files\Messenger Plus! Live
2008-04-05 14:52:19 0 d-------- C:\Program Files\MSN Messenger
2008-04-05 14:43:03 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-05 14:16:57 0 d-------- C:\Program Files\Windows Live
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-30 21:06:03 0 d-------- C:\Documents and Settings\admin\Application Data\Nokia Multimedia Player
2008-03-24 18:22:15 0 d-------- C:\Documents and Settings\admin\Application Data\Ulead Systems
2008-03-24 18:18:07 0 d-------- C:\Program Files\Common Files\SONY Digital Images
2008-03-24 18:18:04 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-03-24 18:16:16 0 d-------- C:\Program Files\SmartSound Software
2008-03-24 18:14:44 0 d-------- C:\Program Files\Windows Media Components
2008-03-24 18:11:00 0 d-------- C:\Program Files\Ulead Systems
2008-03-22 22:09:19 0 d-------- C:\Documents and Settings\admin\Application Data\Adobe
2008-03-22 22:09:13 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-22 21:52:48 0 d-------- C:\Documents and Settings\admin\Application Data\dvdcss
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-12 10:00:31 2578 --a------ C:\WINDOWS\mozver.dat
2008-02-27 16:52:31 49152 --a------ C:\WINDOWS\system32\ArmAccess.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/11/2008 12:29 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/11/2008 12:29 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/07/2008 04:37 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [05/20/2008 07:03 PM]
C:\DOCUME~1\admin\LOCALS~1\Temp\~tnwpddl.tmp\temp00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/07/2008 04:37 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [05/20/2008 07:03 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
C:\DOCUME~1\admin\LOCALS~1\Temp\~tnwpddl.tmp\temp01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^F-Secure Automatic Update.lnk]
backup=C:\WINDOWS\pss\F-Secure Automatic Update.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
"C:\Program Files\Spyware Doctor\pctsTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
"C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
VTtrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"




-- End of Deckard's System Scanner: finished at 2008-05-21 17:01:15 ------------


There you go. Good Luck.
  • 0

#12
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hi. That Wareout is still there. Let's try OTScanIt.

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.
  • 0
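
Added example, not part of the thread or of any tool used in it: the log in post #11 still carries an O17 NameServer entry, the per-adapter DNS setting that a DNS changer rewrites. This Python sketch pulls O17 NameServer values out of a HijackThis log and flags any address outside the resolvers you expect; `EXPECTED_RESOLVERS`, the function and class names, and every sample line except the first O17 line (copied from the log above) are assumptions.

```python
import ipaddress
import re
from typing import List, NamedTuple, Optional

# O17 lines look like: "O17 - <registry key>: <value name> = <data>"
O17_LINE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<value>.*)$")
ADAPTER_GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Assumption: the resolvers this machine is supposed to use (here, a home
# router on 192.168.1.0/24). Replace with your ISP's or organisation's own.
EXPECTED_RESOLVERS = ["192.168.1.0/24"]

# Constructed sample. Only the first O17 line comes from the posted log;
# the CS1 line and the Domain line are made up to exercise the parser.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{41769AAE-BC93-46B4-8744-8C5CA69F5DBF}: NameServer = 85.255.116.164 85.255.112.81
O17 - HKLM\System\CS1\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1,not-an-ip
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.lan
O20 - AppInit_DLLs: avgrsstx.dll
"""


class Finding(NamedTuple):
    key: str                 # registry key as printed by HijackThis
    adapter: Optional[str]   # interface GUID, if the key names one
    address: str             # the token exactly as it appears in the log
    status: str              # "expected", "unexpected" or "malformed"


def audit_o17(log_text: str, expected_networks: List[str]) -> List[Finding]:
    """Classify every DNS server listed in O17 NameServer entries."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    findings = []
    for raw in log_text.splitlines():
        m = O17_LINE.match(raw.strip())
        # Skip non-O17 lines and O17 values that are not resolver lists
        # (Domain, SearchList, ...).
        if not m or not m["name"].lower().endswith("nameserver"):
            continue
        guid = ADAPTER_GUID.search(m["key"])
        # The registry value may be space- or comma-separated.
        for token in re.split(r"[\s,]+", m["value"].strip()):
            if not token:
                continue
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                status = "malformed"
            else:
                inside = any(addr in net for net in nets)
                status = "expected" if inside else "unexpected"
            findings.append(
                Finding(m["key"], guid.group(0) if guid else None, token, status)
            )
    return findings


def unexpected_resolvers(log_text: str, expected_networks: List[str]) -> List[str]:
    """Addresses a responder should look at first."""
    return [f.address for f in audit_o17(log_text, expected_networks)
            if f.status == "unexpected"]


if __name__ == "__main__":
    for f in audit_o17(SAMPLE_LOG, EXPECTED_RESOLVERS):
        print(f"{f.status:<10} {f.address:<16} {f.adapter or '(global)'}")
```

A flagged address is a lead, not a verdict: compare it with what the router or DHCP server hands out, and check the router's own DNS settings as well.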

#13
ash_9118

    Member

  • Topic Starter
  • Member
  • 22 posts
[code=auto:0]OTScanIt logfile created on: 5/23/2008 6:40:12 PM
OTScanIt by OldTimer - Version 1.0.14.3 Folder = C:\Documents and Settings\admin\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 68.38% Memory free
3.29 Gb Paging File | 2.82 Gb Available in Paging File | 85.52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 51.50 Gb Free Space | 69.10% Space Free | Partition Type: NTFS
Drive D: | 74.52 Gb Total Space | 68.47 Gb Free Space | 91.89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPANY-40A2AE2
Current User Name: admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
fwservice.exe -> %ProgramFiles%\PC Tools Firewall Plus\FWService.exe -> PC Tools [Ver = 3, 0, 1, 9 | Size = 92056 bytes | Modified Date = 2/25/2008 4:49:02 PM | Attr = ]
avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.94 | Size = 1177368 bytes | Modified Date = 5/7/2008 4:37:55 PM | Attr = ]
pctstray.exe -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.1.1 | Size = 1107848 bytes | Modified Date = 4/10/2008 3:14:30 PM | Attr = ]
firewallgui.exe -> %ProgramFiles%\PC Tools Firewall Plus\FirewallGUI.exe -> PC Tools [Ver = 3, 0, 1, 10 | Size = 2594712 bytes | Modified Date = 5/20/2008 7:03:42 PM | Attr = ]
avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.100 | Size = 282904 bytes | Modified Date = 5/7/2008 4:37:54 PM | Attr = ]
pctsauxs.exe -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5, 5, 1, 0 | Size = 337800 bytes | Modified Date = 4/10/2008 3:14:26 PM | Attr = ]
pctssvc.exe -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.1.9 | Size = 1017224 bytes | Modified Date = 4/17/2008 2:19:02 PM | Attr = ]
avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.84 | Size = 311576 bytes | Modified Date = 5/7/2008 4:37:57 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.14.3 | Size = 374272 bytes | Modified Date = 5/23/2008 11:55:32 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 1/15/2008 3:40:04 AM | Attr = ]
(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.100 | Size = 282904 bytes | Modified Date = 5/7/2008 4:37:54 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 3/30/2008 10:36:30 AM | Attr = ]
(NMSAccessU) NMSAccessU [Win32_Own | Auto | Stopped] -> %ProgramFiles%\CDBurnerXP\NMSAccessU.exe -> [Ver = | Size = 71096 bytes | Modified Date = 3/9/2008 11:20:26 AM | Attr = ]
(PCToolsFirewallPlus) PC Tools Firewall Plus [Win32_Own | Auto | Running] -> %ProgramFiles%\PC Tools Firewall Plus\FWService.exe -> PC Tools [Ver = 3, 0, 1, 9 | Size = 92056 bytes | Modified Date = 2/25/2008 4:49:02 PM | Attr = ]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5, 5, 1, 0 | Size = 337800 bytes | Modified Date = 4/10/2008 3:14:26 PM | Attr = ]
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.1.9 | Size = 1017224 bytes | Modified Date = 4/17/2008 2:19:02 PM | Attr = ]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 85, 91, 18 | Size = 353280 bytes | Modified Date = 12/10/2007 2:59:04 PM | Attr = ]
(UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 1/31/2005 9:45:20 AM | Attr = ]

[Driver Services - Non-Microsoft Only]
(ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\ADIHdAud.sys -> File not found
(AEAudioService) AEAudio Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\AEAudio.sys -> File not found
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0002) built by: WinDDK | Size = 16512 bytes | Modified Date = 9/17/2007 5:34:10 AM | Attr = ]
(AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Modified Date = 5/7/2008 4:38:05 PM | Attr = ]
(AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Modified Date = 5/7/2008 4:38:03 PM | Attr = ]
(BrScnUsb) Brother USB Still Image driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\BrScnUsb.sys -> Brother Industries Ltd. [Ver = 1,0,2,1 | Size = 15295 bytes | Modified Date = 10/15/2004 1:50:20 PM | Attr = ]
(BrSerIf) Brother MFC Serial Port Interface WDM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\BrSerIf.sys -> Brother Industries Ltd. [Ver = 1.0.2.2 built by: WinDDK | Size = 51712 bytes | Modified Date = 9/29/2004 4:24:38 AM | Attr = ]
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\BrUsbSer.sys -> Brother Industries Ltd. [Ver = 1,0,0,7 built by: WinDDK | Size = 11648 bytes | Modified Date = 1/10/2004 5:28:18 AM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
(FET5X86V) VIA Rhine-Family Fast-Ethernet Adapter Driver Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\fetnd5bv.sys -> VIA Technologies, Inc. [Ver = 3.73.0.458 | Size = 43520 bytes | Modified Date = 1/2/2008 3:12:24 AM | Attr = ]
(FETND5BV) VIA Rhine-Family Fast Ethernet Adapter Driver Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\fetnd5bv.sys -> VIA Technologies, Inc. [Ver = 3.73.0.458 | Size = 43520 bytes | Modified Date = 1/2/2008 3:12:24 AM | Attr = ]
(FETNDIS) VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\fetnd5.sys -> VIA Technologies, Inc. [Ver = 2.66 | Size = 27165 bytes | Modified Date = 8/17/2001 8:13:08 AM | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 1/29/2008 12:01:28 PM | Attr = ]
(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudio.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5012 built by: WinDDK | Size = 145920 bytes | Modified Date = 10/27/2004 4:21:30 PM | Attr = ]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5012 built by: WinDDK | Size = 138240 bytes | Modified Date = 10/27/2004 4:21:36 PM | Attr = ]
(IKFileSec) File Security Driver [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1039 built by: WinDDK | Size = 42376 bytes | Modified Date = 2/1/2008 11:55:52 AM | Attr = ]
(IKSysFlt) System Filter Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Modified Date = 12/10/2007 1:53:28 PM | Attr = ]
(IKSysSec) System Security Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Modified Date = 12/10/2007 1:53:28 PM | Attr = ]
(nmwcd) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcd.sys -> Nokia [Ver = 6.83.6.0 | Size = 137216 bytes | Modified Date = 2/22/2007 11:15:56 AM | Attr = ]
(nmwcdc) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdc.sys -> Nokia [Ver = 6.83.6.0 | Size = 8320 bytes | Modified Date = 2/22/2007 11:15:14 AM | Attr = ]
(nmwcdcj) Nokia USB Port [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdcj.sys -> Nokia [Ver = 6.83.6.0 | Size = 12288 bytes | Modified Date = 2/22/2007 11:15:14 AM | Attr = ]
(nmwcdcm) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdcm.sys -> Nokia [Ver = 6.83.6.0 | Size = 12288 bytes | Modified Date = 2/22/2007 11:15:14 AM | Attr = ]
(NPF) Netgroup Packet Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\npf.sys -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 32512 bytes | Modified Date = 8/3/2005 1:10:12 AM | Attr = ]
(NPPTNT2) NPPTNT2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\npptNT2.sys -> INCA Internet Co., Ltd. [Ver = 2005, 1, 5, 1 | Size = 4682 bytes | Modified Date = 1/2/2005 5:43:08 PM | Attr = ]
(pctfw2) pctfw2 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\pctfw2.sys -> PC Tools [Ver = 3, 0, 1, 9 | Size = 159128 bytes | Modified Date = 2/25/2008 4:49:06 PM | Attr = ]
(pctmp) PC Tools Firewall Memory Protection Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\pctmp.sys -> PCTools Research Pty Ltd. [Ver = 1.0.0.4 | Size = 40856 bytes | Modified Date = 2/21/2008 8:56:30 AM | Attr = ]
(pctssipc) PC Tools Security Suite IPC Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\pctssipc.sys -> PC Tools Research Pty Ltd. [Ver = 1.0.0.5 built by: WinDDK | Size = 18328 bytes | Modified Date = 2/21/2008 8:56:32 AM | Attr = ]
(PRODIGY) PRODIGY [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\prodigy.sys -> B-phreaks [Ver = 1, 0, 0, 208 | Size = 32377 bytes | Modified Date = 8/29/2006 10:56:19 AM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
(scrcap) scrcap [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\scrcap.sys -> File not found
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 AM | Attr = ]
(SenFiltService) SenFilt Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\Senfilt.sys -> File not found
(SFilter) PCTools Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pctfw.sys -> PC Tools [Ver = 3, 0, 1, 9 | Size = 93440 bytes | Modified Date = 2/25/2008 4:38:36 PM | Attr = ]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 2:56:16 PM | Attr = ]
(viagfx) viagfx [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\vtmini.sys -> Copyright (C) VIA/S3 Graphics Co, Ltd. [Ver = 6.14.10.0230-16.94.44.13 | Size = 226560 bytes | Modified Date = 1/22/2008 6:18:39 PM | Attr = ]
(vsdatant) vsdatant [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 394952 bytes | Modified Date = 3/13/2008 11:11:18 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
00PCTFW -> %ProgramFiles%\PC Tools Firewall Plus\FirewallGUI.exe ["C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s] -> PC Tools [Ver = 3, 0, 1, 10 | Size = 2594712 bytes | Modified Date = 5/20/2008 7:03:42 PM | Attr = ]
AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.94 | Size = 1177368 bytes | Modified Date = 5/7/2008 4:37:55 PM | Attr = ]
ISTray -> %ProgramFiles%\Spyware Doctor\pctsTray.exe ["C:\Program Files\Spyware Doctor\pctsTray.exe"] -> PC Tools [Ver = 5.5.1.1 | Size = 1107848 bytes | Modified Date = 4/10/2008 3:14:30 PM | Attr = ]
KernelFaultCheck -> [%systemroot%\system32\dumprep 0 -k] -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< admin Startup Folder > -> C:\Documents and Settings\admin\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Modified Date = 5/7/2008 4:38:06 PM | Attr = ]
*MultiFile Done* -> ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/3/2004 10:59:54 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_DVDRAM_GSA-H10A________________JL02____\3235383630464536364635312020202020202020 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> 5&19694ff7&0&0.1.0 [IDE\CdRomCOMPAQ_CD-ROM_LTN403____________________DQ19____\5&19694ff7&0&0.1.0] -> File not found
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 1/22/2008 4:57:34 PM | Attr = ]
< HOSTS File > (23 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.msn.com/ ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> about:blank ->
HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[msn] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr = ]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.90 | Size = 419096 bytes | Modified Date = 5/10/2008 11:07:48 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 2:11:33 AM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.387 | Size = 2050816 bytes | Modified Date = 5/11/2008 12:29:01 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.387 | Size = 2050816 bytes | Modified Date = 5/11/2008 12:29:01 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.387 | Size = 2050816 bytes | Modified Date = 5/11/2008 12:29:01 PM | Attr = ]
WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.387 | Size = 2050816 bytes | Modified Date = 5/11/2008 12:29:01 PM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 2:11:33 AM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:34 AM | Attr = ]
CmdMapping\\{300DB664-75B5-47c0-8B45-A44ACCF73C00} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{6AC6F8F3-35B1-4A44-9BB7-1B63413D2171} -> (VIA Rhine II Fast Ethernet Adapter) ->
{D91F4567-8E9A-4474-A21B-A03A7F0EED93} -> (1394 Net Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver = | Size = 79128 bytes | Modified Date = 5/7/2008 4:38:00 PM | Attr = ]
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[HxProtocol Class] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201821736265[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdcore.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdcore.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdupd.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdupd.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipsupd.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipsupd.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libfn.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libfn.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan82.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan82.ocx\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\.Owner -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ReflexiveWebGameLoader.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ReflexiveWebGameLoader.dll\\.Owner -> {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 976 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 87 E3 B0 E0 E4 CD 43 93 D2 EF 03 73 F8 30 60 CD 61 36 32 32 35 36 65 30 00 FD 07 00 66 5C 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 5A 55 79 91 EA 88 22 B0 6A 56 36 A6 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 9C D6 13 2E 74 7B 88 48 2F [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> AB 65 1C 9E 04 6E [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 87 DD 2E B7 B7 EE A9 7A 28 BB DB FE 82 E4 A5 9A [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com [http://www.passport.com] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> FE 6C 07 BF 42 5D C8 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 CE 2E 70 DF 79 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 CE 2E 70 DF 79 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 CE 2E 70 DF 79 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

#14
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hi. This is not the complete log. Either attach it to your post (Add Reply > Upload attachment) or make as many posts as necessary till you see the <End Of Report> line.

Tal

#15
ash_9118

    Member

  • Topic Starter
  • 22 posts
ontrolSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 55168 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 6:43:18 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 8/30/2007 6:43:18 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 9/17/2007 10:26:25 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 12:24:37 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 4/30/2008 7:58:14 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.2.9 | Size = 20638504 bytes | Modified Date = 3/30/2008 10:36:34 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgupd.exe -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 796440 bytes | Modified Date = 5/7/2008 4:37:55 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService ->
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService ->
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ]
TCPIP -> -> File not found
NTLMSSP -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->


[Files/Folders - Created Within 30 days]
$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Created Date = 5/7/2008 4:50:58 PM | Attr = H ]
fixwareout -> %SystemDrive%\fixwareout -> [Folder | Created Date = 5/21/2008 4:40:16 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1542836224 bytes | Created Date = 5/2/2008 1:12:49 PM | Attr = HS]
rollback.ini -> %SystemDrive%\rollback.ini -> [Ver = | Size = 0 bytes | Created Date = 4/25/2008 2:29:20 PM | Attr = ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Created Date = 5/14/2008 10:12:27 PM | Attr = H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Created Date = 5/15/2008 4:31:42 PM | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Created Date = 5/14/2008 10:12:27 PM | Attr = H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Created Date = 5/15/2008 4:31:42 PM | Attr = H ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 5/18/2008 9:45:44 PM | Attr = ]
Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Created Date = 5/7/2008 4:38:01 PM | Attr = ]
1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp ->
avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size = 5618689 bytes | Created Date = 5/7/2008 4:38:01 PM | Attr = ]
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 23935165 bytes | Created Date = 5/7/2008 4:38:01 PM | Attr = ]
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 28920 bytes | Created Date = 5/7/2008 4:38:01 PM | Attr = ]
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 838585 bytes | Created Date = 5/7/2008 4:38:01 PM | Attr = ]
avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Created Date = 5/7/2008 4:38:05 PM | Attr = ]
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Created Date = 5/7/2008 4:38:03 PM | Attr = ]
ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1039 built by: WinDDK | Size = 42376 bytes | Created Date = 5/7/2008 4:21:18 PM | Attr = ]
iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 5/7/2008 4:21:18 PM | Attr = ]
iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Created Date = 5/7/2008 4:21:18 PM | Attr = ]
kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 5/7/2008 4:21:18 PM | Attr = ]
npf.sys -> %SystemRoot%\System32\drivers\npf.sys -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 32512 bytes | Created Date = 5/2/2008 1:44:10 PM | Attr = ]
pctfw.sys -> %SystemRoot%\System32\drivers\pctfw.sys -> PC Tools [Ver = 3, 0, 1, 9 | Size = 93440 bytes | Created Date = 5/20/2008 7:00:09 PM | Attr = ]
pctfw2.sys -> %SystemRoot%\System32\drivers\pctfw2.sys -> PC Tools [Ver = 3, 0, 1, 9 | Size = 159128 bytes | Created Date = 5/20/2008 7:00:13 PM | Attr = ]
pctmp.sys -> %SystemRoot%\System32\drivers\pctmp.sys -> PCTools Research Pty Ltd. [Ver = 1.0.0.4 | Size = 40856 bytes | Created Date = 5/20/2008 7:00:08 PM | Attr = ]
pctssipc.sys -> %SystemRoot%\System32\drivers\pctssipc.sys -> PC Tools Research Pty Ltd. [Ver = 1.0.0.5 built by: WinDDK | Size = 18328 bytes | Created Date = 5/20/2008 7:00:08 PM | Attr = ]
actskn43.ocx -> %SystemRoot%\System32\actskn43.ocx -> [Ver = 4, 3, 0, 0 | Size = 389120 bytes | Created Date = 5/2/2008 1:44:10 PM | Attr = ]
avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Created Date = 5/7/2008 4:38:06 PM | Attr = ]
c1awk.ocx -> %SystemRoot%\System32\c1awk.ocx -> ComponenetOne [Ver = 8, 0, 20051, 34 | Size = 196608 bytes | Created Date = 5/11/2008 8:52:12 AM | Attr = ]
c1sizer.ocx -> %SystemRoot%\System32\c1sizer.ocx -> ComponenetOne [Ver = 8, 0, 20051, 34 | Size = 315392 bytes | Created Date = 5/11/2008 8:52:12 AM | Attr = ]
FlicPlusSDK_Win32_API.dll -> %SystemRoot%\System32\FlicPlusSDK_Win32_API.dll -> [Ver = | Size = 163840 bytes | Created Date = 5/11/2008 8:52:12 AM | Attr = ]
IGTabs40.ocx -> %SystemRoot%\System32\IGTabs40.ocx -> Infragistics, Inc. [Ver = 4.01.0006 | Size = 299008 bytes | Created Date = 5/11/2008 8:52:12 AM | Attr = ]
iMagicErrorLibrary.dll -> %SystemRoot%\System32\iMagicErrorLibrary.dll -> iMagic [Ver = 1.00.0012 | Size = 393216 bytes | Created Date = 5/11/2008 8:52:13 AM | Attr = ]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Created Date = 5/18/2008 1:28:01 PM | Attr = ]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
libeay32_0.9.6l.dll -> %SystemRoot%\System32\libeay32_0.9.6l.dll -> [Ver = | Size = 796048 bytes | Created Date = 5/6/2008 6:36:16 PM | Attr = ]
Packet.dll -> %SystemRoot%\System32\Packet.dll -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 81920 bytes | Created Date = 5/2/2008 1:44:10 PM | Attr = ]
Talbarcd.ocx -> %SystemRoot%\System32\Talbarcd.ocx -> TAL Technologies, Inc. [Ver = 2, 0, 0, 1 | Size = 139264 bytes | Created Date = 5/11/2008 8:52:12 AM | Attr = ]
TALBC.DLL -> %SystemRoot%\System32\TALBC.DLL -> [Ver = | Size = 161280 bytes | Created Date = 5/11/2008 8:52:12 AM | Attr = ]
Tr_sttool.dat -> %SystemRoot%\System32\Tr_sttool.dat -> [Ver = | Size = 2048 bytes | Created Date = 5/2/2008 6:43:25 PM | Attr = ]
vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> [Ver = | Size = 352183 bytes | Created Date = 5/6/2008 6:35:35 PM | Attr = ]
vsdata.dll -> %SystemRoot%\System32\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 83432 bytes | Created Date = 5/6/2008 6:35:12 PM | Attr = ]
vsdatant.sys -> %SystemRoot%\System32\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 394952 bytes | Created Date = 5/6/2008 6:35:35 PM | Attr = ]
vsflex8.ocx -> %SystemRoot%\System32\vsflex8.ocx -> ComponentOne [Ver = 8, 0, 20051, 216 | Size = 589824 bytes | Created Date = 5/11/2008 8:52:12 AM | Attr = ]
vsinit.dll -> %SystemRoot%\System32\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 161256 bytes | Created Date = 5/6/2008 6:35:12 PM | Attr = ]
vsmonapi.dll -> %SystemRoot%\System32\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 103912 bytes | Created Date = 5/6/2008 6:35:35 PM | Attr = ]
vsprint8.ocx -> %SystemRoot%\System32\vsprint8.ocx -> ComponentOne [Ver = 8, 0, 20051, 116 | Size = 417792 bytes | Created Date = 5/11/2008 8:52:12 AM | Attr = ]
vspubapi.dll -> %SystemRoot%\System32\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 275944 bytes | Created Date = 5/6/2008 6:35:35 PM | Attr = ]
vsregexp.dll -> %SystemRoot%\System32\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 71144 bytes | Created Date = 5/6/2008 6:36:16 PM | Attr = ]
vsrpt8.ocx -> %SystemRoot%\System32\vsrpt8.ocx -> [Ver = 8, 0, 20051, 136 | Size = 479232 bytes | Created Date = 5/11/2008 8:52:12 AM | Attr = ]
vsutil.dll -> %SystemRoot%\System32\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 472552 bytes | Created Date = 5/6/2008 6:35:12 PM | Attr = ]
vswmi.dll -> %SystemRoot%\System32\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 46568 bytes | Created Date = 5/6/2008 6:35:38 PM | Attr = ]
vsxml.dll -> %SystemRoot%\System32\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 99816 bytes | Created Date = 5/6/2008 6:35:36 PM | Attr = ]
WanPacket.dll -> %SystemRoot%\System32\WanPacket.dll -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 61440 bytes | Created Date = 5/2/2008 1:44:10 PM | Attr = ]
wpcap.dll -> %SystemRoot%\System32\wpcap.dll -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 233472 bytes | Created Date = 5/2/2008 1:44:10 PM | Attr = ]
XButton.ocx -> %SystemRoot%\System32\XButton.ocx -> Acrotech Solutions [Ver = 1.00 | Size = 57344 bytes | Created Date = 5/2/2008 1:44:10 PM | Attr = ]
xvid.ax -> %SystemRoot%\System32\xvid.ax -> [Ver = | Size = 77824 bytes | Created Date = 5/1/2008 4:00:00 PM | Attr = ]
zlcomm.dll -> %SystemRoot%\System32\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 83432 bytes | Created Date = 5/6/2008 6:36:07 PM | Attr = ]
zlcommdb.dll -> %SystemRoot%\System32\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 71144 bytes | Created Date = 5/6/2008 6:36:08 PM | Attr = ]
ZoneLabs -> %SystemRoot%\System32\ZoneLabs -> [Folder | Created Date = 5/6/2008 6:35:35 PM | Attr = ]
zpeng24.dll -> %SystemRoot%\System32\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1086952 bytes | Created Date = 5/6/2008 6:35:36 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Created Date = 5/9/2008 1:11:32 PM | Attr = S]
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
FastAeroConfig.exe -> %SystemRoot%\FastAeroConfig.exe -> [Ver = 0.3.0.0 | Size = 781824 bytes | Created Date = 5/4/2008 10:14:19 PM | Attr = ]
fastaero_config -> %SystemRoot%\fastaero_config -> [Ver = | Size = 225 bytes | Created Date = 5/4/2008 10:15:00 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 5/22/2008 6:56:23 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 5/22/2008 6:56:23 PM | Attr = H ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
avg8 -> %AllUsersProfile%\Application Data\avg8 -> [Folder | Created Date = 5/7/2008 4:37:53 PM | Attr = ]
Azureus -> %AllUsersProfile%\Application Data\Azureus -> [Folder | Created Date = 5/2/2008 9:04:35 PM | Attr = ]
Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Created Date = 5/6/2008 9:40:07 PM | Attr = ]
Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Created Date = 5/18/2008 1:28:04 PM | Attr = ]
AVGTOOLBAR -> %AppData%\AVGTOOLBAR -> [Folder | Created Date = 5/7/2008 4:38:01 PM | Attr = ]
DivX -> %AppData%\DivX -> [Folder | Created Date = 5/1/2008 3:46:27 PM | Attr = ]
Help -> %AppData%\Help -> [Folder | Created Date = 5/3/2008 4:43:14 PM | Attr = ]
PC Tools -> %AppData%\PC Tools -> [Folder | Created Date = 5/7/2008 4:21:08 PM | Attr = ]
Yahoo! Messenger -> %AppData%\Yahoo! Messenger -> [Folder | Created Date = 5/20/2008 1:36:14 AM | Attr = ]
Axialis -> %UserProfile%\Local Settings\Application Data\Axialis -> [Folder | Created Date = 5/19/2008 4:28:19 PM | Attr = ]
BSR Videos -> %UserProfile%\My Documents\BSR Videos -> [Folder | Created Date = 5/2/2008 6:43:43 PM | Attr = ]
clip0001.avi -> %UserProfile%\My Documents\clip0001.avi -> [Ver = | Size = 1754400 bytes | Created Date = 5/7/2008 9:09:53 PM | Attr = ]
front.pdf -> %UserProfile%\My Documents\front.pdf -> [Ver = | Size = 222206 bytes | Created Date = 4/25/2008 9:23:31 AM | Attr = ]
Stardock -> %UserProfile%\My Documents\Stardock -> [Folder | Created Date = 5/13/2008 8:04:34 PM | Attr = ]
Bank_Information.doc -> %UserProfile%\Desktop\Bank_Information.doc -> [Ver = | Size = 24064 bytes | Created Date = 5/21/2008 1:00:59 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Bank_Information.doc:Zone.Identifier
Coûter de Billet.doc -> %UserProfile%\Desktop\Coûter de Billet.doc -> [Ver = | Size = 24064 bytes | Created Date = 5/22/2008 7:39:52 PM | Attr = ]
french board.doc -> %UserProfile%\Desktop\french board.doc -> [Ver = | Size = 24064 bytes | Created Date = 5/21/2008 11:53:32 PM | Attr = ]
ironman.jpg -> %UserProfile%\Desktop\ironman.jpg -> [Ver = | Size = 678078 bytes | Created Date = 5/22/2008 7:54:57 PM | Attr = ]
New Folder -> %UserProfile%\Desktop\New Folder -> [Folder | Created Date = 5/15/2008 9:59:06 PM | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 5/23/2008 6:37:47 PM | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 544693 bytes | Created Date = 5/23/2008 6:37:27 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
Voulu.pdf -> %UserProfile%\Desktop\Voulu.pdf -> [Ver = | Size = 93455 bytes | Created Date = 5/22/2008 7:06:08 PM | Attr = ]
Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 5/1/2008 1:36:15 PM | Attr = ]
L&H -> %CommonProgramFiles%\L&H -> [Folder | Created Date = 5/20/2008 6:06:32 PM | Attr = ]
PC Tools -> %CommonProgramFiles%\PC Tools -> [Folder | Created Date = 5/20/2008 7:00:08 PM | Attr = ]
AVG -> %ProgramFiles%\AVG -> [Folder | Created Date = 5/7/2008 4:37:53 PM | Attr = ]
Bulent's Screen Recorder 4 -> %ProgramFiles%\Bulent's Screen Recorder 4 -> [Folder | Created Date = 5/2/2008 6:43:24 PM | Attr = ]
Google -> %ProgramFiles%\Google -> [Folder | Created Date = 5/8/2008 5:10:18 PM | Attr = ]
HyCam2 -> %ProgramFiles%\HyCam2 -> [Folder | Created Date = 5/2/2008 6:46:33 PM | Attr = ]
iMagic Inventory -> %ProgramFiles%\iMagic Inventory -> [Folder | Created Date = 5/11/2008 8:52:11 AM | Attr = ]
iTunes -> %ProgramFiles%\iTunes -> [Folder | Created Date = 5/1/2008 4:09:35 PM | Attr = ]
Siber Systems -> %ProgramFiles%\Siber Systems -> [Folder | Created Date = 5/19/2008 5:50:43 PM | Attr = ]
SonicWallES -> %ProgramFiles%\SonicWallES -> [Folder | Created Date = 4/25/2008 7:20:18 PM | Attr = ]
Spyware Doctor -> %ProgramFiles%\Spyware Doctor -> [Folder | Created Date = 5/7/2008 4:21:08 PM | Attr = ]
ZD Soft -> %ProgramFiles%\ZD Soft -> [Folder | Created Date = 5/17/2008 4:28:12 PM | Attr = ]
Zone Labs -> %ProgramFiles%\Zone Labs -> [Folder | Created Date = 5/2/2008 1:48:04 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Modified Date = 5/23/2008 6:07:07 PM | Attr = H ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 5/20/2008 6:55:58 PM | Attr = HS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 5/21/2008 4:11:49 PM | Attr = ]
fixwareout -> %SystemDrive%\fixwareout -> [Folder | Modified Date = 5/21/2008 4:44:12 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1542836224 bytes | Modified Date = 5/23/2008 4:15:37 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/19/2008 5:50:43 PM | Attr = R ]
rollback.ini -> %SystemDrive%\rollback.ini -> [Ver = | Size = 0 bytes | Modified Date = 4/25/2008 2:29:20 PM | Attr = ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/14/2008 10:12:27 PM | Attr = H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/15/2008 4:31:42 PM | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/14/2008 10:12:27 PM | Attr = H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/15/2008 4:31:42 PM | Attr = H ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/23/2008 4:15:40 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 5/18/2008 9:45:44 PM | Attr = ]
Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Modified Date = 5/23/2008 4:18:42 PM | Attr = ]
1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp ->
avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size = 5618689 bytes | Modified Date = 5/7/2008 4:38:01 PM | Attr = ]
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 23935165 bytes | Modified Date = 5/23/2008 4:18:39 PM | Attr = ]
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 28920 bytes | Modified Date = 5/23/2008 4:18:40 PM | Attr = ]
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 838585 bytes | Modified Date = 5/21/2008 5:06:39 PM | Attr = ]
avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Modified Date = 5/7/2008 4:38:05 PM | Attr = ]
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Modified Date = 5/7/2008 4:38:03 PM | Attr = ]
etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 5/21/2008 4:43:28 PM | Attr = ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 23 bytes | Modified Date = 5/21/2008 4:43:28 PM | Attr = ]
AUTOEXEC.NT -> %SystemRoot%\System32\AUTOEXEC.NT -> [Ver = | Size = 1789 bytes | Modified Date = 5/3/2008 4:37:36 PM | Attr = ]
avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Modified Date = 5/7/2008 4:38:06 PM | Attr = ]
CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 5/2/2008 1:31:18 PM | Attr = ]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 5/22/2008 1:04:43 AM | Attr = ]
config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 5/17/2008 4:31:38 PM | Attr = ]
DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Modified Date = 5/17/2008 4:27:49 PM | Attr = ]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 5/17/2008 4:28:01 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 5/23/2008 4:15:54 PM | Attr = ]
GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Modified Date = 5/3/2008 4:25:31 PM | Attr = H ]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Modified Date = 5/18/2008 1:28:01 PM | Attr = ]
NtmsData -> %SystemRoot%\System32\NtmsData -> [Folder | Modified Date = 4/30/2008 4:40:41 PM | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 59444 bytes | Modified Date = 5/7/2008 10:56:22 PM | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 395372 bytes | Modified Date = 5/7/2008 10:56:22 PM | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 461986 bytes | Modified Date = 5/7/2008 10:56:22 PM | Attr = ]
Tr_sttool.dat -> %SystemRoot%\System32\Tr_sttool.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/2/2008 6:44:53 PM | Attr = ]
vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> [Ver = | Size = 352183 bytes | Modified Date = 5/6/2008 6:58:04 PM | Attr = ]
wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 5/17/2008 4:31:19 PM | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 5/23/2008 4:18:02 PM | Attr = ]
zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 5/20/2008 5:44:42 PM | Attr = H ]
ZoneLabs -> %SystemRoot%\System32\ZoneLabs -> [Folder | Modified Date = 5/6/2008 6:56:43 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 5/20/2008 6:06:54 PM | Attr = R S]
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/23/2008 4:15:39 PM | Attr = S]
Brpfx04a.ini -> %SystemRoot%\Brpfx04a.ini -> [Ver = | Size = 1067 bytes | Modified Date = 5/2/2008 12:27:17 PM | Attr = ]
brwmark.ini -> %SystemRoot%\brwmark.ini -> [Ver = | Size = 426 bytes | Modified Date = 5/22/2008 10:27:41 PM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 5/11/2008 10:46:11 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 5/18/2008 1:28:04 PM | Attr = S]
fastaero_config -> %SystemRoot%\fastaero_config -> [Ver = | Size = 225 bytes | Modified Date = 5/4/2008 10:15:52 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 5/3/2008 4:43:14 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/20/2008 7:11:40 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/21/2008 4:11:49 PM | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 5/20/2008 5:43:52 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 5/18/2008 7:42:43 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/23/2008 6:38:42 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 5/22/2008 6:56:23 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 5/22/2008 6:56:23 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 5/17/2008 4:31:19 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 5/14/2008 11:48:48 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 5/7/2008 3:42:31 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 246 bytes | Modified Date = 5/20/2008 6:55:58 PM | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 5/22/2008 7:16:33 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 5/14/2008 8:29:35 PM | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 5/23/2008 6:40:28 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 665 bytes | Modified Date = 5/22/2008 12:50:49 AM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 5/7/2008 4:37:41 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 5/16/2008 9:40:14 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/23/2008 4:15:54 PM | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 1/23/2008 5:45:06 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 28094 bytes | Modified Date = 5/8/2008 9:33:04 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 26932 bytes | Modified Date = 5/19/2008 8:49:21 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 1/23/2008 10:15:09 AM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 1/23/2008 10:15:09 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\VBExpress\8.0\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\VBExpress\8.0 -> [Folder | Modified Date = 3/5/2008 8:58:50 PM | Attr = ]
vbexpress000223.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\VBExpress\8.0\vbexpress000223.dat -> [Ver = | Size = 677178 bytes | Modified Date = 3/5/2008 8:58:39 PM | Attr = H ]
C:\Documents and Settings\admin\Local Settings\Temp\is-640JA.tmp\ -> C:\Documents and Settings\admin\Local Settings\Temp\is-640JA.tmp\. -> [Folder | Modified Date = 5/17/2008 3:56:54 PM | Attr = ]
PCTWSC.dll -> C:\Documents and Settings\admin\Local Settings\Temp\is-640JA.tmp\PCTWSC.dll -> PC Tools [Ver = 1, 0, 0, 11 | Size = 178032 bytes | Modified Date = 2/25/2008 4:48:44 PM | Attr = ]
C:\Documents and Settings\admin\Local Settings\Temp\is-DG4GN.tmp\ -> C:\Documents and Settings\admin\Local Settings\Temp\is-DG4GN.tmp\. -> [Folder | Modified Date = 5/20/2008 5:50:54 PM | Attr = ]
PCTWSC.dll -> C:\Documents and Settings\admin\Local Settings\Temp\is-DG4GN.tmp\PCTWSC.dll -> PC Tools [Ver = 1, 0, 0, 11 | Size = 178032 bytes | Modified Date = 2/25/2008 4:48:44 PM | Attr = ]
C:\Documents and Settings\admin\Local Settings\Temp\is-M5VNR.tmp\ -> C:\Documents and Settings\admin\Local Settings\Temp\is-M5VNR.tmp\. -> [Folder | Modified Date = 5/20/2008 5:49:28 PM | Attr = ]
PCTWSC.dll -> C:\Documents and Settings\admin\Local Settings\Temp\is-M5VNR.tmp\PCTWSC.dll -> PC Tools [Ver = 1, 0, 0, 11 | Size = 178032 bytes | Modified Date = 2/25/2008 4:48:44 PM | Attr = ]
C:\Documents and Settings\admin\Local Settings\Temp\is-OLI7G.tmp\ -> C:\Documents and Settings\admin\Local Settings\Temp\is-OLI7G.tmp\. -> [Folder | Modified Date = 5/20/2008 7:00:53 PM | Attr = ]
PCTWSC.dll -> C:\Documents and Settings\admin\Local Settings\Temp\is-OLI7G.tmp\PCTWSC.dll -> PC Tools [Ver = 1, 0, 0, 11 | Size = 178032 bytes | Modified Date = 2/25/2008 4:48:44 PM | Attr = ]
C:\Documents and Settings\admin\Local Settings\Temp\is-PD8O0.tmp\ -> C:\Documents and Settings\admin\Local Settings\Temp\is-PD8O0.tmp\. -> [Folder | Modified Date = 5/17/2008 3:58:37 PM | Attr = ]
PCTWSC.dll -> C:\Documents and Settings\admin\Local Settings\Temp\is-PD8O0.tmp\PCTWSC.dll -> PC Tools [Ver = 1, 0, 0, 11 | Size = 178032 bytes | Modified Date = 2/25/2008 4:48:44 PM | Attr = ]
C:\Documents and Settings\admin\Local Settings\Temp\is-RFQ11.tmp\ -> C:\Documents and Settings\admin\Local Settings\Temp\is-RFQ11.tmp\. -> [Folder | Modified Date = 5/20/2008 6:56:25 PM | Attr = ]
PCTWSC.dll -> C:\Documents and Settings\admin\Local Settings\Temp\is-RFQ11.tmp\PCTWSC.dll -> PC Tools [Ver = 1, 0, 0, 11 | Size = 178032 bytes | Modified Date = 2/25/2008 4:48:44 PM | Attr = ]
C:\Documents and Settings\admin\Local Settings\Temp\ -> C:\Documents and Settings\admin\Local Settings\Temp -> [Folder | Modified Date = 5/23/2008 6:38:28 PM | Attr = ]
Perflib_Perfdata_f88.dat -> C:\Documents and Settings\admin\Local Settings\Temp\Perflib_Perfdata_f88.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/14/2008 8:48:12 PM | Attr = ]
93 C:\Documents and Settings\admin\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\admin\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\admin\Local Settings\Temp\nsc29.tmp\ -> C:\Documents and Settings\admin\Local Settings\Temp\nsc29.tmp\. -> [Folder | Modified Date = 5/17/2008 3:40:13 PM | Attr = ]
ioSpecial.ini -> C:\Documents and Settings\admin\Local Settings\Temp\nsc29.tmp\ioSpecial.ini -> [Ver = | Size = 682 bytes | Modified Date = 5/17/2008 3:40:13 PM | Attr = ]
C:\Documents and Settings\admin\Local Settings\Temp\nsg17.tmp\ -> C:\Documents and Settings\admin\Local Settings\Temp\nsg17.tmp\. -> [Folder | Modified Date = 5/17/2008 3:31:39 PM | Attr = ]
shortcuts.ini -> C:\Documents and Settings\admin\Local Settings\Temp\nsg17.tmp\shortcuts.ini -> [Ver = | Size = 450 bytes | Modified Date = 5/17/2008 3:31:22 PM | Attr = ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
avg8 -> %AllUsersProfile%\Application Data\avg8 -> [Folder | Modified Date = 5/11/2008 12:30:25 PM | Attr = ]
Azureus -> %AllUsersProfile%\Application Data\Azureus -> [Folder | Modified Date = 5/2/2008 9:04:35 PM | Attr = ]
Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Modified Date = 5/6/2008 9:40:07 PM | Attr = ]
Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Modified Date = 5/18/2008 1:28:04 PM | Attr = ]
MailFrontier -> %AllUsersProfile%\Application Data\MailFrontier -> [Folder | Modified Date = 4/25/2008 3:30:47 PM | Attr = ]
Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 5/20/2008 6:06:13 PM | Attr = S]
NCH Software -> %AllUsersProfile%\Application Data\NCH Software -> [Folder | Modified Date = 5/2/2008 5:26:40 PM | Attr = ]
TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 5/23/2008 4:38:55 PM | Attr = ]
@Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 123 bytes -> %AllUsersProfile%\Application Data\TEMP:3270185A
@Alternate Data Stream - 116 bytes -> %AllUsersProfile%\Application Data\TEMP:430C6D84
@Alternate Data Stream - 113 bytes -> %AllUsersProfile%\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 179 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 99 bytes -> %AllUsersProfile%\Application Data\TEMP:F1CF9611
AVGTOOLBAR -> %AppData%\AVGTOOLBAR -> [Folder | Modified Date = 5/8/2008 5:10:24 PM | Attr = ]
DivX -> %AppData%\DivX -> [Folder | Modified Date = 5/1/2008 3:52:16 PM | Attr = ]
FileZilla -> %AppData%\FileZilla -> [Folder | Modified Date = 5/22/2008 8:44:14 PM | Attr = ]
Help -> %AppData%\Help -> [Folder | Modified Date = 5/3/2008 4:43:14 PM | Attr = ]
Mozilla -> %AppData%\Mozilla -> [Folder | Modified Date = 5/17/2008 3:51:43 PM | Attr = ]
NMM-MetaData.db -> %AppData%\NMM-MetaData.db -> [Ver = | Size = 685775 bytes | Modified Date = 5/4/2008 3:43:48 PM | Attr = ]
PC Tools -> %AppData%\PC Tools -> [Folder | Modified Date = 5/7/2008 4:21:08 PM | Attr = ]
utorrent -> %AppData%\utorrent -> [Folder | Modified Date = 5/20/2008 6:02:12 PM | Attr = ]
Yahoo! Messenger -> %AppData%\Yahoo! Messenger -> [Folder | Modified Date = 5/20/2008 1:36:14 AM | Attr = ]
Axialis -> %UserProfile%\Local Settings\Application Data\Axialis -> [Folder | Modified Date = 5/21/2008 8:54:01 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 19456 bytes | Modified Date = 5/11/2008 9:48:08 AM | Attr = ]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 5895606 bytes | Modified Date = 5/14/2008 1:54:21 AM | Attr = H ]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 5/20/2008 8:39:25 PM | Attr = ]
WMTools Downloaded Files -> %UserProfile%\Local Settings\Application Data\WMTools Downloaded Files -> [Folder | Modified Date = 5/2/2008 7:39:31 PM | Attr = ]
BSR Videos -> %UserProfile%\My Documents\BSR Videos -> [Folder | Modified Date = 5/2/2008 6:44:53 PM | Attr = ]
clip0001.avi -> %UserProfile%\My Documents\clip0001.avi -> [Ver = | Size = 1754400 bytes | Modified Date = 5/7/2008 9:10:02 PM | Attr = ]
front.pdf -> %UserProfile%\My Documents\front.pdf -> [Ver = | Size = 222206 bytes | Modified Date = 4/25/2008 9:23:31 AM | Attr = ]
Stardock -> %UserProfile%\My Documents\Stardock -> [Folder | Modified Date = 5/13/2008 8:04:34 PM | Attr = ]
Ashwin -> %UserProfile%\Desktop\Ashwin -> [Folder | Modified Date = 5/23/2008 6:37:06 PM | Attr = ]
Bank_Information.doc -> %UserProfile%\Desktop\Bank_Information.doc -> [Ver = | Size = 24064 bytes | Modified Date = 5/21/2008 12:59:37 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Bank_Information.doc:Zone.Identifier
Coûter de Billet.doc -> %UserProfile%\Desktop\Coûter de Billet.doc -> [Ver = | Size = 24064 bytes | Modified Date = 5/22/2008 7:51:09 PM | Attr = ]
french board.doc -> %UserProfile%\Desktop\french board.doc -> [Ver = | Size = 24064 bytes | Modified Date = 5/22/2008 12:02:40 AM | Attr = ]
ironman.jpg -> %UserProfile%\Desktop\ironman.jpg -> [Ver = | Size = 678078 bytes | Modified Date = 5/22/2008 7:57:53 PM | Attr = ]
New Folder -> %UserProfile%\Desktop\New Folder -> [Folder | Modified Date = 5/15/2008 10:18:45 PM | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 5/23/2008 6:37:47 PM | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 544693 bytes | Modified Date = 5/23/2008 6:37:38 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 41984 bytes | Modified Date = 5/11/2008 9:49:55 AM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
Voulu.pdf -> %UserProfile%\Desktop\Voulu.pdf -> [Ver = | Size = 93455 bytes | Modified Date = 5/22/2008 7:15:43 PM | Attr = ]
Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Modified Date = 5/1/2008 1:36:15 PM | Attr = ]
L&H -> %CommonProgramFiles%\L&H -> [Folder | Modified Date = 5/20/2008 6:06:33 PM | Attr = ]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 5/7/2008 4:37:41 PM | Attr = ]
PC Tools -> %CommonProgramFiles%\PC Tools -> [Folder | Modified Date = 5/20/2008 7:00:09 PM | Attr = ]

< End of report >
[/code]

There you go