PART ONE OF OSCAN FILE
Thanks so much for your help. I'm 99% sure this is something on my laptop but I do have the same problem using PandaScan on my desktop. More importantly, I am terrified of doing anything to revise passwords on existing accounts online of any kind until I'm sure the Trojan is gone (if that's what it is -- it IS strange how paypal got hacked and my wireless is acting strangely at the same time. Also, there has been a tremendous increase in the amount of bounced spam emails I'm receiving to the same email address that has these other problems). I have called my bank and credit card companies as well as Paypal (who has not been as forthright about support as I would like).
So first, I'll post my laptop scan as you asked. Once that's resolved, would you mind terribly looking at my desktop scan?
Here's Part One - yes, this is too big for two parts.
[code=auto:0]OTScanIt logfile created on: 5/28/2008 1:36:03 PM
OTScanIt by OldTimer - Version 1.0.15.2 Folder = C:\Documents and Settings\Owner\My Documents\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
446.04 Mb Total Physical Memory | 216.92 Mb Available Physical Memory | 48.63% Memory free
1.03 Gb Paging File | 0.65 Gb Available in Paging File | 63.38% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.19 Gb Total Space | 29.69 Gb Free Space | 58.01% Space Free | Partition Type: NTFS
Drive D: | 4.69 Gb Total Space | 2.72 Gb Free Space | 57.94% Space Free | Partition Type: FAT32
Drive E: | 1.11 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NIMROD
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
[Processes - Non-Microsoft Only]
avgrssvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 12/17/2007 10:40:29 PM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 12/18/2007 7:25:11 AM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 12/17/2007 10:40:37 PM | Attr = ]
avgrssvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 12/17/2007 10:40:29 PM | Attr = ]
avgfwsrv.exe -> %ProgramFiles%\Grisoft\AVG7\avgfwsrv.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.500 | Size = 838656 bytes | Modified Date = 12/18/2007 7:25:05 AM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.1.13 07Oct05 | Size = 737370 bytes | Modified Date = 10/7/2005 3:52:52 PM | Attr = ]
vttimer.exe -> %SystemRoot%\system32\VTTimer.exe -> S3 Graphics, Inc. [Ver = 2.00.01-0307 | Size = 53248 bytes | Modified Date = 3/8/2005 6:33:28 AM | Attr = ]
vttrayp.exe -> %SystemRoot%\system32\VTTrayp.exe -> S3 Graphics Co., Ltd. [Ver = 2.00.41-1031 | Size = 163840 bytes | Modified Date = 11/1/2005 7:15:12 AM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.522 | Size = 579584 bytes | Modified Date = 4/14/2008 11:59:44 AM | Attr = ]
avginet.exe -> %ProgramFiles%\Grisoft\AVG7\avginet.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.522 | Size = 510976 bytes | Modified Date = 4/14/2008 11:59:44 AM | Attr = ]
otscanit.exe -> %UserProfile%\My Documents\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.2 | Size = 374272 bytes | Modified Date = 5/28/2008 2:37:38 AM | Attr = ]
[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 3:09:16 PM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 12/18/2007 7:25:11 AM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 12/17/2007 10:40:37 PM | Attr = ]
(AvgCoreSvc) AVG7 Resident Shield Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 12/17/2007 10:40:29 PM | Attr = ]
(AVGFwSrv) AVG Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgfwsrv.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.500 | Size = 838656 bytes | Modified Date = 12/18/2007 7:25:05 AM | Attr = ]
(Bonjour Service) Bonjour Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 2/19/2008 1:10:24 PM | Attr = ]
(LinksysUpdater) Linksys Updater [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Linksys\Linksys Updater\bin\LinksysUpdater.exe -> [Ver = | Size = 204800 bytes | Modified Date = 1/15/2008 10:28:20 AM | Attr = ]
(LMIMaint) LogMeIn Maintenance Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\LogMeIn\x86\ramaint.exe -> LogMeIn, Inc. [Ver = 4.0.680 | Size = 116032 bytes | Modified Date = 11/15/2007 7:46:14 PM | Attr = ]
(LogMeIn) LogMeIn [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\LogMeIn\x86\LogMeIn.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63040 bytes | Modified Date = 8/3/2007 4:09:34 PM | Attr = ]
(PDAgent) PDAgent [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Raxco\PerfectDisk\PDAgent.exe -> Raxco Software, Inc. [Ver = 8, 0, 0, 63 | Size = 415248 bytes | Modified Date = 4/9/2007 12:55:08 PM | Attr = ]
(PDEngine) PDEngine [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Raxco\PerfectDisk\PDEngine.exe -> Raxco Software, Inc. [Ver = 8, 0, 0, 63 | Size = 734736 bytes | Modified Date = 4/9/2007 12:55:24 PM | Attr = ]
(PrismXL) PrismXL [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 7/12/2006 7:52:05 PM | Attr = ]
(Xdrive Service) Xdrive Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Xdrive\Xdrive Desktop\XdriveService.exe -> Xdrive LLC [Ver = 1.0.0.1 | Size = 304528 bytes | Modified Date = 10/2/2007 9:26:36 AM | Attr = ]
[Driver Services - Non-Microsoft Only]
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.60.5 2.1.60.5 10/14/2005 13:29:14 | Size = 1121472 bytes | Modified Date = 10/14/2005 5:29:18 PM | Attr = ]
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcxwdm.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5950 built by: WinDDK | Size = 3786944 bytes | Modified Date = 10/26/2005 4:08:26 PM | Attr = ]
(AliIde) AliIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 10:51:56 PM | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 8:07:44 AM | Attr = ]
(asc) asc [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 10:52:00 PM | Attr = ]
(asc3550) asc3550 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 10:51:58 PM | Attr = ]
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\asctrm.sys -> Windows ® 2000 DDK provider [Ver = 5.00.2195.1 | Size = 8552 bytes | Modified Date = 7/12/2006 7:46:31 PM | Attr = ]
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0002) built by: WinDDK | Size = 16512 bytes | Modified Date = 11/21/2005 12:48:21 AM | Attr = ]
(ATNT40K) ActiveTouch NT Appsharing Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\atnt40k.sys -> [Ver = | Size = 51392 bytes | Modified Date = 3/25/2005 5:32:06 PM | Attr = ]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 12/21/2007 10:33:14 AM | Attr = ]
(AvgMfx86) AVG Minifilter x86 Resident Driver [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 12/21/2007 10:33:00 AM | Attr = ]
(CmdIde) CmdIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 10:51:54 PM | Attr = ]
(dac2w2k) dac2w2k [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 10:52:16 PM | Attr = ]
(DefragFS) DefragFS [File_System | Boot | Running] -> %SystemRoot%\System32\drivers\DefragFs.sys -> Raxco Software, Inc. [Ver = 8.0012 built by: WinDDK | Size = 67352 bytes | Modified Date = 3/13/2007 12:18:22 PM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ]
(FET5X86V) VIA Rhine-Family Fast-Ethernet Adapter Driver Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\fetnd5bv.sys -> VIA Technologies, Inc. [Ver = 3.71.0.456 | Size = 42496 bytes | Modified Date = 7/5/2007 6:33:54 AM | Attr = ]
(FETND5BV) VIA Rhine-Family Fast Ethernet Adapter Driver Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\fetnd5bv.sys -> VIA Technologies, Inc. [Ver = 3.71.0.456 | Size = 42496 bytes | Modified Date = 7/5/2007 6:33:54 AM | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 4:44:04 PM | Attr = ]
(LMIInfo) LogMeIn Kernel Information Provider [Kernel | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\rainfo.sys -> LogMeIn, Inc. [Ver = 7.50.596 | Size = 12992 bytes | Modified Date = 8/3/2007 4:09:34 PM | Attr = ]
(LMImirr) LMImirr [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LMImirr.sys -> LogMeIn, Inc. [Ver = 2.50.596 | Size = 10144 bytes | Modified Date = 8/3/2007 4:04:52 PM | Attr = ]
(LMIRfsDriver) LogMeIn Remote File System Driver [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\LMIRfsDriver.sys -> LogMeIn, Inc. [Ver = 2.4.2.0 | Size = 46112 bytes | Modified Date = 8/3/2007 4:09:34 PM | Attr = ]
(mraid35x) mraid35x [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 10:52:12 PM | Attr = ]
(mxnic) Macronix MX987xx Family Fast Ethernet NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mxnic.sys -> Macronix International Co., Ltd. [Ver = 2.12 (XPClient.010817-1148) | Size = 19968 bytes | Modified Date = 8/17/2001 3:49:32 PM | Attr = ]
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/4/2004 12:29:56 AM | Attr = ]
(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 12/1/2007 6:08:12 PM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 12/11/2007 2:46:00 PM | Attr = ]
(ql1080) ql1080 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 10:52:20 PM | Attr = ]
(ql12160) ql12160 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 10:52:20 PM | Attr = ]
(ql1280) ql1280 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 10:52:18 PM | Attr = ]
(rtl8185) Realtek RTL8185 54M Wireless LAN Network Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rtl8185.sys -> Realtek Semiconductor Corporation [Ver = 5,1097,0201,2007 built by: WinDDK | Size = 306560 bytes | Modified Date = 2/1/2007 3:36:18 PM | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 12:53:48 PM | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 4:51:08 PM | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr = ]
(Sparrow) Sparrow [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 11:07:44 PM | Attr = ]
(symc810) symc810 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 11:07:34 PM | Attr = ]
(symc8xx) symc8xx [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 11:07:36 PM | Attr = ]
(sym_hi) sym_hi [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 11:07:40 PM | Attr = ]
(sym_u3) sym_u3 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 11:07:42 PM | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.1.13 07Oct05 | Size = 191872 bytes | Modified Date = 10/7/2005 3:37:50 PM | Attr = ]
(tifm21) tifm21 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tifm21.sys -> Texas Instruments [Ver = 2.0.0.2 | Size = 162432 bytes | Modified Date = 9/21/2005 2:30:56 AM | Attr = ]
(ultra) ultra [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 10:52:22 PM | Attr = ]
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 10/31/2007 3:09:14 PM | Attr = ]
(viagfx) viagfx [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\vtmini.sys -> Copyright © VIA/S3 Graphics Co, Ltd. [Ver = 6.14.10.0275-16.94.44.44 | Size = 247040 bytes | Modified Date = 12/27/2005 2:06:22 PM | Attr = ]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 4:13:04 PM | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe [C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP] -> GRISOFT, s.r.o. [Ver = 7.5.0.522 | Size = 579584 bytes | Modified Date = 4/14/2008 11:59:44 AM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 8.1.13 07Oct05 | Size = 737370 bytes | Modified Date = 10/7/2005 3:52:52 PM | Attr = ]
VTTimer -> %SystemRoot%\system32\VTTimer.exe [VTTimer.exe] -> S3 Graphics, Inc. [Ver = 2.00.01-0307 | Size = 53248 bytes | Modified Date = 3/8/2005 6:33:28 AM | Attr = ]
VTTrayp -> %SystemRoot%\system32\VTTrayp.exe [VTtrayp.exe] -> S3 Graphics Co., Ltd. [Ver = 2.00.41-1031 | Size = 163840 bytes | Modified Date = 11/1/2005 7:15:12 AM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
avgwlntf -> %SystemRoot%\system32\avgwlntf.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.446 | Size = 9216 bytes | Modified Date = 12/17/2007 10:40:45 PM | Attr = ]
LMIinit -> %SystemRoot%\system32\LMIinit.dll -> LogMeIn, Inc. [Ver = 4.0.680 | Size = 87352 bytes | Modified Date = 11/15/2007 7:46:22 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_RW/DVD_GCC-4244N_______________GW01____\5&990d95b&0&0.0.0 [IDE\CdRomHL-DT-ST_RW/DVD_GCC-4244N_______________GW01____\5&990d95b&0&0.0.0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 8/26/2004 1:04:39 PM | Attr = ]
Autorun.inf [[AUTORUN] | SHELLEXECUTE=Info.exe folder.htt 480 480 | ] -> D:\Autorun.inf [ FAT32 ] -> [Ver = | Size = 53 bytes | Modified Date = 9/13/2004 12:15:24 PM | Attr = HS]
< HOSTS File > (757 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
10.254.254.253 Xdrive -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL ->
http://go.microsoft....k/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL ->
http://go.microsoft....k/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page ->
http://go.microsoft....k/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page ->
http://go.microsoft....k/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch ->
http://ie.search.msn...st/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant ->
http://www.gateway.c...h...TB&M=MX3231 ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar ->
http://www.gateway.c...h...TB&M=MX3231 ->
HKEY_CURRENT_USER\: Main\\Search Page ->
http://www.microsoft...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page ->
https://bearmail.mis.../...e/&reason=0 ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3 domain(s) found. ->
www_aessuccess.org [http] -> Trusted sites ->
www_gmail.com [http] -> Trusted sites ->
www_google.com [http] -> Trusted sites ->
3 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\bae.dll [CBrowserHelperObject Object] -> Gateway Inc. [Ver = 1.1.0.1 | Size = 94208 bytes | Modified Date = 2/1/2006 5:54:30 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Save to &Xdrive -> %ProgramFiles%\Xdrive\Xdrive Desktop\xdrive.exe -> Xdrive LLC [Ver = 5.1.158.0 | Size = 1168784 bytes | Modified Date = 10/2/2007 9:26:34 AM | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage ->
http://activex.micro...d...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{6FE5B972-78B4-44CE-9B78-939E11BA7BD0} -> (Microsoft Loopback Adapter) ->
{9FEDDA3C-FAB5-4917-A583-8A3268421C3E} -> (VIA Rhine II Fast Ethernet Adapter) ->
{AAC6FA6C-F2A7-4350-B6FE-937EA1BA5737} -> (Realtek RTL8185 54M Wireless LAN Network Adapter) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 12/17/2007 10:40:44 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 12/17/2007 10:40:44 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 12/17/2007 10:40:44 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 12/17/2007 10:40:44 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 12/17/2007 10:40:44 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 12/17/2007 10:40:44 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 12/17/2007 10:40:44 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 12/17/2007 10:40:44 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 12/17/2007 10:40:44 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 12/17/2007 10:40:44 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 12/17/2007 10:40:44 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 12/17/2007 10:40:44 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 12/17/2007 10:40:44 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 12/17/2007 10:40:44 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 12/17/2007 10:40:44 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 12/17/2007 10:40:44 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 12/17/2007 10:40:44 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 12/17/2007 10:40:44 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 12/17/2007 10:40:44 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000020 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 12/17/2007 10:40:44 PM | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] ->
http://download.micr.../OGAControl.cab[Office Genuine Advantage Validation Tool] ->
{0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] ->
http://support.gatew...r/PCPitStop.CAB[PCPitstop Utility] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] ->
http://download.micr...heckControl.cab[Windows Genuine Advantage Validation Tool] ->
{1E3F1348-4370-4BBE-A67A-CC7ED824CA85}[HKEY_LOCAL_MACHINE] ->
http://download.micr...helpcontrol.cab[Microsoft Genuine Advantage Self Support Tool] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] ->
http://www.update.mi...b?1188620572437[WUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] ->
http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] ->
http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] ->
http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] ->
http://fpdownload2.m...ash/swflash.cab[Shockwave Flash Object] ->
{D821DC4A-0814-435E-9820-661C543A4679}[HKEY_LOCAL_MACHINE] ->
http://drmlicense.on...e/en/crlocx.ocx[CRLDownloadWrapper Class] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/crlocx.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/crlocx.ocx\\.Owner -> {D821DC4A-0814-435E-9820-661C543A4679} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/crlocx.ocx\\{D821DC4A-0814-435E-9820-661C543A4679} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DiskFAU.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DiskFAU.dll\\.Owner -> {0E5F0222-96B9-11D3-8997-00104BD12D94} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DiskFAU.dll\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop.dll\\.Owner -> {0E5F0222-96B9-11D3-8997-00104BD12D94} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop.dll\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/pcpbios.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/pcpbios.exe\\.Owner -> {0E5F0222-96B9-11D3-8997-00104BD12D94} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/pcpbios.exe\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/SelfHelpControl.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/SelfHelpControl.DLL\\.Owner -> {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/SelfHelpControl.DLL\\{1E3F1348-4370-4BBE-A67A-CC7ED824CA85} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/sysres.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/sysres.dll\\.Owner -> {0E5F0222-96B9-11D3-8997-00104BD12D94} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/sysres.dll\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> ->
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr = ]
*MultiFile Done* -> ->
Edited by dianab9311, 28 May 2008 - 12:43 PM.