I have serious and persistent Trojan issues [CLOSED]


#1 djprofit (Member, 11 posts)
I don't want to have my computer rebuilt. ... I have run a McAfee scan, an AdAware 07 scan and 3 separate Spyware Doctor (full 5.5 version) scans. I had all the threats removed/deleted and still have the same problems. I have attached an html file of my last two Spyware Doctor scans if you want to take a look at the damage...NEVER MIND...The html file was too large by about 100kb. Thanks for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:08 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\winself.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Documents and Settings\ChadStewart\Desktop\aiepk2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\12520850k.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Documents and Settings\ChadStewart\Application Data\Microsoft\dtsc\26938.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\ChadStewart\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.147.227.188:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [aiepk] C:\Documents and Settings\ChadStewart\Desktop\aiepk2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IEUpdate] C:\WINDOWS\system32\12520850k.exe
O4 - HKLM\..\Run: [BM33d6f161] Rundll32.exe "C:\WINDOWS\system32\lwyestqy.dll",s
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunServices: [IEUpdate] C:\WINDOWS\system32\12520850k.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\ChadStewart\Application Data\Microsoft\dtsc\26938.exe
O4 - HKCU\..\Run: [IEUpdate] C:\WINDOWS\system32\12520850k.exe
O4 - HKCU\..\Run: [Esbh] "C:\WINDOWS\system32\PPATCH~1\wuaclt.exe" -vt yazb
O4 - HKCU\..\Run: [Ixqjiux] "C:\Program Files\M?crosoft\?ti2evxx.exe"
O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\system32\12520850k.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1155821185703
O20 - Winlogon Notify: nnnnNGYS - nnnnNGYS.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - c:\winself.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 9061 bytes
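
The log above already shows the indicator classes a helper reads for first: the R1 proxy hijack (every IE request routed through 66.147.227.188), a second binary appended to UserInit, Run entries launched from the user's Desktop and Application Data, a path HijackThis can only print with "?", two Winlogon Notify packages, and a service with "Unknown owner" living at the root of C:. The Python script below is an added example, not part of this thread or of HijackThis; it parses lines quoted verbatim from the log above and applies those heuristics. The severity scale and the USER_WRITABLE and TRUSTED_ROOTS patterns are the editor's assumptions about what a sane XP autorun looks like, not anything the tool defines.

```python
"""Triage a HijackThis v2 log for the hijack and persistence indicators seen in this thread."""
import re
from typing import NamedTuple

# Lines copied verbatim from the HijackThis log in post #1, plus two benign entries
# (QuickTime, PC Tools) so the heuristics have something to pass as well as fail.
HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.147.227.188:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [aiepk] C:\Documents and Settings\ChadStewart\Desktop\aiepk2.exe
O4 - HKLM\..\Run: [BM33d6f161] Rundll32.exe "C:\WINDOWS\system32\lwyestqy.dll",s
O4 - HKLM\..\RunServices: [IEUpdate] C:\WINDOWS\system32\12520850k.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\ChadStewart\Application Data\Microsoft\dtsc\26938.exe
O4 - HKCU\..\Run: [Ixqjiux] "C:\Program Files\M?crosoft\?ti2evxx.exe"
O20 - Winlogon Notify: nnnnNGYS - nnnnNGYS.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - c:\winself.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
"""


class Finding(NamedTuple):
    severity: str  # "high", "medium" or "low": the editor's own scale, not HijackThis'
    reason: str
    line: str


# Assumed policy: autoruns belong under Program Files or WINDOWS, never in profile dirs.
USER_WRITABLE = re.compile(r"\\(Desktop|Application Data|Local Settings|Temp)\\", re.I)
TRUSTED_ROOTS = re.compile(r"^[a-z]:\\(Program Files|WINDOWS)\\", re.I)
EXE_RE = re.compile(r'^(.*?\.(?:exe|dll|bat|cmd|vbs|scr|com))(?=$|[\s",])', re.I)


def o4_target(rest: str) -> str:
    """Return the binary an O4 entry launches, given the text after '[name] '."""
    if rest.startswith('"'):
        target = rest.split('"')[1]
    else:
        m = EXE_RE.match(rest)
        target = m.group(1) if m else rest
    # rundll32 is only a loader; the payload is the DLL it is told to run.
    if target.lower().endswith("rundll32.exe"):
        m = re.search(r'"([^"]+\.dll)"|(\S+\.dll)', rest[len(target):], re.I)
        if m:
            target = m.group(1) or m.group(2)
    return target


def triage(log: str) -> list[Finding]:
    out: list[Finding] = []
    for line in (l.strip() for l in log.splitlines()):
        if " - " not in line:
            continue  # header, process list or blank line
        kind, rest = line.split(" - ", 1)
        if kind == "R1" and re.search(r"ProxyServer = \S", rest):
            out.append(Finding("high", "browser proxy set: all IE traffic can be intercepted or redirected", line))
        elif kind == "F2" and "UserInit=" in rest:
            entries = [e for e in rest.split("UserInit=", 1)[1].split(",") if e.strip()]
            extra = [e for e in entries if not e.lower().endswith(r"\userinit.exe")]
            if extra:
                out.append(Finding("high", "UserInit runs extra binaries at every logon: " + ", ".join(extra), line))
        elif kind == "O2" and rest.endswith("(no file)"):
            out.append(Finding("low", "orphaned BHO CLSID: DLL gone, registration left behind", line))
        elif kind == "O4" and "] " in rest:
            key, after = rest.split("] ", 1)
            target = o4_target(after)
            if "?" in target:
                out.append(Finding("high", "path contains a character HijackThis could not print ('?'): look-alike folder name", line))
            elif USER_WRITABLE.search(target):
                out.append(Finding("high", "autorun launched from a user-writable profile directory", line))
            elif "RunServices" in key:
                out.append(Finding("medium", "RunServices is a Win9x-era key; XP software does not use it", line))
            elif target.lower().endswith(".dll"):
                out.append(Finding("medium", "rundll32 loader entry: inspect the DLL it runs", line))
        elif kind == "O20":
            missing = rest.endswith("(file missing)")
            out.append(Finding("medium" if missing else "high",
                               "Winlogon Notify package loads into winlogon.exe as SYSTEM" + (" (orphaned)" if missing else ""), line))
        elif kind == "O23":
            path = rest.rsplit(" - ", 1)[1]
            if "Unknown owner" in rest or not TRUSTED_ROOTS.match(path):
                out.append(Finding("high", "service with no publisher or with its binary outside Program Files/WINDOWS", line))
    return out


def summary(log: str) -> dict[str, int]:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in triage(log):
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    order = ("high", "medium", "low")
    for f in sorted(triage(HJT_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}\n          {f.line}")
    print(summary(HJT_LOG))
```

Run as-is it reports seven high, three medium and one low finding on the excerpt, and nothing on the QuickTime and PC Tools lines. The O20 rule relies on HijackThis listing only Notify packages that are not on its built-in safe list, which is why the two it shows here deserve a closer look than a full registry dump of that key would.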

#2 harrythook (Trusted Helper, Retired Staff, 2,618 posts)
That's a bit of a mess there djprofit, let's try to clean it up :)

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

So you should post back:
  • Combofix log
  • HJT log
  • Kaspersky log

Harry

#3 djprofit (Topic Starter, Member, 11 posts)
I could not run combofix.exe. When I double-clicked, it gave me a regedit.exe error. "The application has failed to start because clb.dll was not found."

I also could not access the Kaspersky online scanner because whatever has taken over my computer (IE6) gives me a 404 error. What are my options now?

#4 harrythook (Trusted Helper, Retired Staff, 2,618 posts)
Let's try this, print these instructions for reference during the fix:
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


#5 djprofit (Topic Starter, Member, 11 posts)
Here is my HijackThis log and my SDFix log after following your last post. FYI: I was given a bunch of those clb.dll error messages but SDFix seemed to do what it was supposed to do so far....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:42:06 PM, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Documents and Settings\ChadStewart\Desktop\aiepk2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\ChadStewart\Desktop\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.147.227.188:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [aiepk] C:\Documents and Settings\ChadStewart\Desktop\aiepk2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IEUpdate] C:\WINDOWS\system32\12520850k.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\Run: [BM33d6f161] Rundll32.exe "C:\WINDOWS\system32\lwyestqy.dll",s
O4 - HKLM\..\RunServices: [IEUpdate] C:\WINDOWS\system32\12520850k.exe
O4 - HKCU\..\Run: [IEUpdate] C:\WINDOWS\system32\12520850k.exe
O4 - HKCU\..\Run: [Esbh] "C:\WINDOWS\system32\PPATCH~1\wuaclt.exe" -vt yazb
O4 - HKCU\..\Run: [Ixqjiux] "C:\Program Files\M?crosoft\?ti2evxx.exe"
O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\system32\12520850k.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1155821185703
O20 - Winlogon Notify: nnnnNGYS - nnnnNGYS.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 8711 bytes


SDFix log:


Rebooting

Service EOJ61 - Deleted
Service VXG06 - Deleted

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\12520850k.exe - Deleted
C:\Program Files\TMPGEnc\TMPGEnc.exe - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\Temp\vtmp2\ktnv33.log - Deleted
C:\WINDOWS\x.exe - Deleted
C:\WINDOWS\y.exe - Deleted
C:\WINDOWS\b138.exe - Deleted
C:\WINDOWS\system32\000060.exe - Deleted
C:\WINDOWS\system32\000080.exe - Deleted
C:\WINDOWS\system32\000090.exe - Deleted
C:\WINDOWS\accesss.exe - Deleted
C:\WINDOWS\astctl32.ocx - Deleted
C:\WINDOWS\avpcc.dll - Deleted
C:\WINDOWS\clrssn.exe - Deleted
C:\WINDOWS\cpan.dll - Deleted
C:\WINDOWS\ctfmon32.exe - Deleted
C:\WINDOWS\ctrlpan.dll - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\directx32.exe - Deleted
C:\WINDOWS\dnsrelay.dll - Deleted
C:\WINDOWS\editpad.exe - Deleted
C:\WINDOWS\explore.exe - Deleted
C:\WINDOWS\explorer32.exe - Deleted
C:\WINDOWS\funniest.exe - Deleted
C:\WINDOWS\funny.exe - Deleted
C:\WINDOWS\gfmnaaa.dll - Deleted
C:\WINDOWS\helpcvs.exe - Deleted
C:\WINDOWS\iedll.exe - Deleted
C:\WINDOWS\iexplorer.exe - Deleted
C:\WINDOWS\inetinf.exe - Deleted
C:\WINDOWS\internet.exe - Deleted
C:\WINDOWS\loader.exe - Deleted
C:\WINDOWS\megavid.cdt - Deleted
C:\WINDOWS\msconfd.dll - Deleted
C:\WINDOWS\msspi.dll - Deleted
C:\WINDOWS\mssys.exe - Deleted
C:\WINDOWS\msupdate.exe - Deleted
C:\WINDOWS\mswsc10.dll - Deleted
C:\WINDOWS\mswsc20.dll - Deleted
C:\WINDOWS\mtwirl32.dll - Deleted
C:\WINDOWS\muotr.so - Deleted
C:\WINDOWS\notepad32.exe - Deleted
C:\WINDOWS\olehelp.exe - Deleted
C:\WINDOWS\qttasks.exe - Deleted
C:\WINDOWS\quicken.exe - Deleted
C:\WINDOWS\rundll16.exe - Deleted
C:\WINDOWS\rundll32.vbe - Deleted
C:\WINDOWS\searchword.dll - Deleted
C:\WINDOWS\sistem.exe - Deleted
C:\WINDOWS\svchost32.exe - Deleted
C:\WINDOWS\svcinit.exe - Deleted
C:\WINDOWS\systeem.exe - Deleted
C:\WINDOWS\systemcritical.exe - Deleted
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\hljwugsf.bin - Deleted
C:\WINDOWS\system32\spywarewarning.mht - Deleted
C:\WINDOWS\system32\spywarewarning2.mht - Deleted
C:\WINDOWS\system32\WinCtrl32.dll - Deleted
C:\WINDOWS\system32\WLCtrl32.dll - Deleted
C:\WINDOWS\time.exe - Deleted
C:\WINDOWS\users32.exe - Deleted
C:\WINDOWS\waol.exe - Deleted
C:\WINDOWS\win32e.exe - Deleted
C:\WINDOWS\win64.exe - Deleted
C:\WINDOWS\winajbm.dll - Deleted
C:\WINDOWS\window.exe - Deleted
C:\WINDOWS\winmgnt.exe - Deleted
C:\WINDOWS\xplugin.dll - Deleted
C:\WINDOWS\xxxvideo.hta - Deleted
C:\WINDOWS\system32\drivers\EOJ61.sys - Deleted
C:\WINDOWS\system32\drivers\VXG06.sys - Deleted
C:\WINDOWS\system32\drivers\SRR.sys - Deleted



Folder C:\Temp\1cb - Removed
Folder C:\Temp\tn3 - Removed
Folder C:\Temp\vtmp2 - Removed
Folder C:\WINDOWS\system32\vntiho06 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 20:35:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :

EOJ61
VXG06



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"="C:\\Program Files\\Free Music Zilla\\FMZilla.exe:*:Enabled:FMZilla Module"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Disabled:æTorrent"
"C:\\Documents and Settings\\ChadStewart\\Profit Docs\\ebay\\various stuff\\utorrent.exe"="C:\\Documents and Settings\\ChadStewart\\Profit Docs\\ebay\\various stuff\\utorrent.exe:*:Disabled:utorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

C:\WINDOWS\x.exe Found
C:\WINDOWS\y.exe Found
C:\WINDOWS\accesss.exe Found
C:\WINDOWS\astctl32.ocx Found
C:\WINDOWS\avpcc.dll Found
C:\WINDOWS\clrssn.exe Found
C:\WINDOWS\cpan.dll Found
C:\WINDOWS\ctfmon32.exe Found
C:\WINDOWS\ctrlpan.dll Found
C:\WINDOWS\default.htm Found
C:\WINDOWS\directx32.exe Found
C:\WINDOWS\dnsrelay.dll Found
C:\WINDOWS\explore.exe Found
C:\WINDOWS\explorer32.exe Found
C:\WINDOWS\funniest.exe Found
C:\WINDOWS\funny.exe Found
C:\WINDOWS\gfmnaaa.dll Found
C:\WINDOWS\helpcvs.exe Found
C:\WINDOWS\inetinf.exe Found
C:\WINDOWS\loader.exe Found
C:\WINDOWS\msspi.dll Found
C:\WINDOWS\mswsc10.dll Found
C:\WINDOWS\mswsc20.dll Found
C:\WINDOWS\mtwirl32.dll Found
C:\WINDOWS\olehelp.exe Found
C:\WINDOWS\qttasks.exe Found
C:\WINDOWS\rundll32.vbe Found
C:\WINDOWS\searchword.dll Found
C:\WINDOWS\sistem.exe Found
C:\WINDOWS\svcinit.exe Found
C:\WINDOWS\systeem.exe Found
C:\WINDOWS\systemcritical.exe Found
C:\WINDOWS\time.exe Found
C:\WINDOWS\users32.exe Found
C:\WINDOWS\waol.exe Found
C:\WINDOWS\win32e.exe Found
C:\WINDOWS\win64.exe Found
C:\WINDOWS\winajbm.dll Found
C:\WINDOWS\winmgnt.exe Found
C:\WINDOWS\xplugin.dll Found
C:\WINDOWS\xxxvideo.hta Found


Files with Hidden Attributes :

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Sun 17 Sep 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 29 Aug 2007 23,040 ...H. --- "C:\Documents and Settings\ChadStewart\word docs\~WRL1781.tmp"
Tue 19 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 4 Sep 2007 20,480 ...H. --- "C:\Documents and Settings\ChadStewart\word docs\resumes\Roll Call 3\~WRL0003.tmp"

Finished!


Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 20:38:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"="C:\\Program Files\\Free Music Zilla\\FMZilla.exe:*:Enabled:FMZilla Module"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Disabled:æTorrent"
"C:\\Documents and Settings\\ChadStewart\\Profit Docs\\ebay\\various stuff\\utorrent.exe"="C:\\Documents and Settings\\ChadStewart\\Profit Docs\\ebay\\various stuff\\utorrent.exe:*:Disabled:utorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Sun 17 Sep 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 29 Aug 2007 23,040 ...H. --- "C:\Documents and Settings\ChadStewart\word docs\~WRL1781.tmp"
Tue 19 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 4 Sep 2007 20,480 ...H. --- "C:\Documents and Settings\ChadStewart\word docs\resumes\Roll Call 3\~WRL0003.tmp"

Finished!
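
Reading the two reports in this post against each other shows why the machine is not clean yet. SDFix lists the files it deleted, but the HijackThis log taken afterwards still carries the Run keys that pointed at them (12520850k.exe four times, WinCtrl32 as a Notify package), and alongside those sit entries whose targets SDFix never touched: vbpdtvdp.exe in UserInit, lwyestqy.dll loaded through rundll32, wuaclt.exe, and the "?ti2evxx.exe" entry. Sorting the autoruns into those two groups is the concrete meaning of "that got some of it but there is more to go". The script below is an added example, not part of the thread or of either tool; it reconciles excerpts copied from the two reports above. Matching on file basename is an assumption made because O20 lines show only the DLL name, and the C:\SDFix\RunThis.bat entry is skipped because it is the tool's own run-again-after-reboot hook.

```python
"""Reconcile the post-SDFix HijackThis log with the files SDFix says it deleted."""
import re

# Excerpts copied from post #5: F2/O4/O20 lines from the second HijackThis log, and a
# handful of the ~70 'Deleted' lines from the SDFix report (plus one service line).
HJT_AFTER = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O4 - HKLM\..\Run: [aiepk] C:\Documents and Settings\ChadStewart\Desktop\aiepk2.exe
O4 - HKLM\..\Run: [IEUpdate] C:\WINDOWS\system32\12520850k.exe
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\Run: [BM33d6f161] Rundll32.exe "C:\WINDOWS\system32\lwyestqy.dll",s
O4 - HKLM\..\RunServices: [IEUpdate] C:\WINDOWS\system32\12520850k.exe
O4 - HKCU\..\Run: [IEUpdate] C:\WINDOWS\system32\12520850k.exe
O4 - HKCU\..\Run: [Esbh] "C:\WINDOWS\system32\PPATCH~1\wuaclt.exe" -vt yazb
O4 - HKCU\..\Run: [Ixqjiux] "C:\Program Files\M?crosoft\?ti2evxx.exe"
O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\system32\12520850k.exe
O20 - Winlogon Notify: nnnnNGYS - nnnnNGYS.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
"""

SDFIX_REPORT = r"""
Service EOJ61 - Deleted

Trojan Files Found:

C:\WINDOWS\system32\12520850k.exe - Deleted
C:\Program Files\TMPGEnc\TMPGEnc.exe - Deleted
C:\WINDOWS\system32\spywarewarning.mht - Deleted
C:\WINDOWS\system32\WinCtrl32.dll - Deleted
C:\WINDOWS\system32\drivers\EOJ61.sys - Deleted
"""

# Any path-like token ending in an executable extension; ',' and '"' are excluded so
# UserInit's comma-separated list and quoted paths split cleanly.
BIN_RE = re.compile(r'[^\\\s",]+\.(?:exe|dll|bat|sys)', re.I)
LOADERS = {"rundll32.exe", "userinit.exe"}  # stock Windows loaders, never the payload


def deleted_basenames(report: str) -> set[str]:
    """Basenames of every full path SDFix reported as ' - Deleted' (service lines ignored)."""
    return {m.group(1).rsplit("\\", 1)[-1].lower()
            for m in re.finditer(r"^([A-Za-z]:\\.*?) - Deleted\s*$", report, re.M)}


def autorun_entries(log: str):
    """Yield (line, basename) for each binary an F2/O4/O20 entry points at."""
    for line in (l.strip() for l in log.splitlines()):
        if line.split(" - ", 1)[0] not in {"F2", "O4", "O20"}:
            continue
        if "\\SDFix\\" in line:
            continue  # SDFix's own 'run again after reboot' hook, not a finding
        for name in BIN_RE.findall(line):
            if name.lower() not in LOADERS:
                yield line, name.lower()


def reconcile(log: str, report: str) -> dict[str, list[str]]:
    """Split autoruns into registry residue of deleted files vs. persistence still alive.

    Matching on basename is an assumption: O20 lines carry only the DLL name.
    """
    gone = deleted_basenames(report)
    buckets: dict[str, list[str]] = {"orphaned": [], "live": []}
    for line, name in autorun_entries(log):
        key = "orphaned" if name in gone or line.endswith("(file missing)") else "live"
        if line not in buckets[key]:
            buckets[key].append(line)
    return buckets


if __name__ == "__main__":
    result = reconcile(HJT_AFTER, SDFIX_REPORT)
    print("Registry entries pointing at files SDFix deleted (remove the entries):")
    print("\n".join("  " + l for l in result["orphaned"]))
    print("Autoruns SDFix did not touch (still active persistence):")
    print("\n".join("  " + l for l in result["live"]))
```

On the excerpt this yields six orphaned entries (the four IEUpdate keys and both Notify packages) and five live ones, and the live list is exactly what the helper's next tool run has to address: the UserInit appendage, the rundll32-loaded DLL, and the three binaries in odd locations. Note that the R1 proxy setting survived SDFix as well; it is not an autorun, so it is out of scope for this script, but it should be cleared before trusting any online scanner from that machine.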

#6 harrythook (Trusted Helper, Retired Staff, 2,618 posts)
Alright djprofit,
that got some of it but there is more to go.

Let's see if you can run ComboFix now; follow the instructions from before.
Next:
Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

This scan is going to take a bit of time to look at, hang in there :)

Harry
  • 0

#7
djprofit

djprofit

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I am going to follow through with this thread and follow your instructions but I have to pause this malware fix because I have guests coming into town for the next few days. While I would rather sit and get this computer fixed, I don't think they would be too pleased. Thanks for your help thus far and I will post my logs when I have the opportunity to run the software (probably next Tuesday).

ALSO: I am still getting the clb.dll error when I try to use Combofix and SDFix continues to open a window looking for malware during startup.

Edited by djprofit, 29 May 2008 - 05:28 PM.

  • 0

#8
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Ok djprofit,
enjoy your guests, post the OTScanit results when you're ready to get back to it here :)

Harry
  • 0

#9
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#10
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Topic re-opened at user request

Hey djprofit, guess I should have waited a bit more, sorry :)

Follow the instructions and post the OTscanit log please :)

Harry
  • 0


#11
djprofit

djprofit

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I have already run the scan and will post the log when I get home (around 7pm EST). Thanks for opening the thread.
  • 0

#12
djprofit

djprofit

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Harry: This log is massive. If you want the txt file I can send that instead:

[code=auto:0]
OTScanIt logfile created on: 6/4/2008 11:41:04 AM
OTScanIt by OldTimer - Version 1.0.15.4 Folder = C:\Documents and Settings\ChadStewart\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 668.07 Mb Available Physical Memory | 65.88% Memory free
2.39 Gb Paging File | 2.04 Gb Available in Paging File | 85.61% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189.91 Gb Total Space | 73.05 Gb Free Space | 38.47% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 45.16 Gb Free Space | 9.70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHAD
Current User Name: ChadStewart
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
frameworkservice.exe -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.5.0.412 | Size = 102463 bytes | Modified Date = 8/6/2004 3:50:00 AM | Attr = ]
naprdmgr.exe -> %SystemDrive%\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe -> Network Associates, Inc. [Ver = 3.5.0.412 | Size = 237623 bytes | Modified Date = 8/6/2004 3:50:00 AM | Attr = ]
vstskmgr.exe -> %ProgramFiles%\Network Associates\VirusScan\VsTskMgr.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 28672 bytes | Modified Date = 8/18/2004 8:00:00 AM | Attr = ]
shstat.exe -> %ProgramFiles%\Network Associates\VirusScan\SHSTAT.EXE -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 8/18/2004 8:00:00 AM | Attr = ]
updaterui.exe -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> Network Associates, Inc. [Ver = 3.5.0.412 | Size = 139320 bytes | Modified Date = 8/6/2004 3:50:00 AM | Attr = ]
tbmon.exe -> %CommonProgramFiles%\Network Associates\TalkBack\TBMon.exe -> Network Associates, Inc. [Ver = 2.0.275.0 | Size = 147514 bytes | Modified Date = 10/7/2003 9:48:56 AM | Attr = ]
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 2:46:34 PM | Attr = ]
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 2:50:30 PM | Attr = ]
aiepk2.exe -> %UserProfile%\Desktop\aiepk2.exe -> Fadsoft.com [Ver = 2, 0, 0, 1 | Size = 16896 bytes | Modified Date = 1/18/2004 12:55:22 PM | Attr = ]
tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122939 bytes | Modified Date = 8/13/2004 1:05:00 AM | Attr = ]
wdbtnmgr.exe -> %SystemRoot%\system32\WDBtnMgr.exe -> Western Digital Technologies, Inc. [Ver = 2, 0, 13, 0 | Size = 364544 bytes | Modified Date = 4/3/2007 3:38:23 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 36975 bytes | Modified Date = 4/13/2005 3:48:52 AM | Attr = ]
pctsauxs.exe -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5, 5, 1, 0 | Size = 337800 bytes | Modified Date = 4/10/2008 3:14:26 PM | Attr = ]
pctstray.exe -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.1.1 | Size = 1107848 bytes | Modified Date = 4/10/2008 3:14:30 PM | Attr = ]
pctssvc.exe -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.1.9 | Size = 1017224 bytes | Modified Date = 4/17/2008 2:19:02 PM | Attr = ]
wlservice.exe -> %ProgramFiles%\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 9 | Size = 53307 bytes | Modified Date = 7/4/2005 5:46:04 PM | Attr = ]
wusb54gc.exe -> %ProgramFiles%\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC -> [Folder | Modified Date = 1/24/2008 8:20:14 PM | Attr = ]
procexp.exe -> %UserProfile%\Desktop\ProcessExplorer\procexp.exe -> Sysinternals - www.sysinternals.com [Ver = 11.13 | Size = 3523624 bytes | Modified Date = 4/15/2008 8:09:26 AM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.4 | Size = 374784 bytes | Modified Date = 5/28/2008 9:25:08 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 1, 5 | Size = 561152 bytes | Modified Date = 7/6/2007 2:02:26 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.5.0.412 | Size = 102463 bytes | Modified Date = 8/6/2004 3:50:00 AM | Attr = ]
(McTaskManager) Network Associates Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\VsTskMgr.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 28672 bytes | Modified Date = 8/18/2004 8:00:00 AM | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\msdtc -> [Folder | Modified Date = 8/17/2006 8:34:07 AM | Attr = ]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5, 5, 1, 0 | Size = 337800 bytes | Modified Date = 4/10/2008 3:14:26 PM | Attr = ]
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.1.9 | Size = 1017224 bytes | Modified Date = 4/17/2008 2:19:02 PM | Attr = ]
(WUSB54GCSVC) WUSB54GCSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 9 | Size = 53307 bytes | Modified Date = 7/4/2005 5:46:04 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 4/1/2002 3:15:00 PM | Attr = ]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.3.0 [Kernel | Auto | Running] -> %SystemRoot%\System32\DRIVERS\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.3.0 | Size = 20747 bytes | Modified Date = 1/24/2008 8:20:15 PM | Attr = ]
(BCM42RLY) BCM42RLY [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\BCM42RLY.SYS -> Broadcom Corporation [Ver = 3.90.30.0 (BROADCOM INTERNAL DRIVER) | Size = 17992 bytes | Modified Date = 2/1/2005 7:18:38 PM | Attr = ]
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\CHADST~1\LOCALS~1\Temp\catchme.sys -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.94a | Size = 87136 bytes | Modified Date = 8/4/2004 3:21:00 AM | Attr = ]
(drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.46a | Size = 40544 bytes | Modified Date = 8/13/2004 2:56:00 AM | Attr = ]
(E100B) Intel® PRO Network Connection Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\e100b325.sys -> Intel Corporation [Ver = 8.0.21.0 built by: WinDDK | Size = 162816 bytes | Modified Date = 6/13/2005 12:58:04 PM | Attr = ]
(hamachi_oem) PlayLinc Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\gan_adapter.sys -> Applied Networking Inc. [Ver = 10.0.0.2 | Size = 10664 bytes | Modified Date = 9/27/2006 5:12:30 PM | Attr = ]
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4410 | Size = 1302812 bytes | Modified Date = 10/14/2005 3:15:18 PM | Attr = ]
(IKFileSec) File Security Driver [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1039 built by: WinDDK | Size = 42376 bytes | Modified Date = 2/1/2008 11:55:52 AM | Attr = ]
(IKSysFlt) System Filter Driver [Kernel | System | Running] -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Modified Date = 12/10/2007 1:53:28 PM | Attr = ]
(IKSysSec) System Security Driver [Kernel | System | Running] -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Modified Date = 12/10/2007 1:53:28 PM | Attr = ]
(IntelC51) IntelC51 [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\IntelC51.sys -> Intel Corporation [Ver = 2.15.36.0 | Size = 1233525 bytes | Modified Date = 3/6/2004 12:14:42 AM | Attr = ]
(IntelC52) IntelC52 [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\IntelC52.sys -> Intel Corporation [Ver = 4.58.1 | Size = 647929 bytes | Modified Date = 3/6/2004 12:15:34 AM | Attr = ]
(IntelC53) IntelC53 [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\IntelC53.sys -> Intel Corporation [Ver = 2.15.36.2 | Size = 61157 bytes | Modified Date = 6/16/2004 12:52:40 AM | Attr = ]
(mohfilt) mohfilt [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\mohfilt.sys -> Intel Corporation [Ver = 7.11.0.0 | Size = 37048 bytes | Modified Date = 3/6/2004 12:13:38 AM | Attr = ]
(MREMPR5) MREMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -> File not found
(MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -> File not found
(NaiAvFilter1) NaiAvFilter1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\naiavf5x.sys -> Network Associates, Inc. [Ver = 8.0.0.276 | Size = 108480 bytes | Modified Date = 12/23/2004 8:00:00 PM | Attr = ]
(NaiAvTdi1) NaiAvTdi1 [Kernel | System | Running] -> %SystemRoot%\System32\drivers\mvstdi5x.sys -> Network Associates, Inc. [Ver = 8.0.0.266 | Size = 58464 bytes | Modified Date = 12/23/2004 8:00:00 PM | Attr = ]
(pctfw2) pctfw2 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\pctfw2.sys -> PC Tools [Ver = 3, 0, 1, 11 | Size = 159880 bytes | Modified Date = 4/10/2008 3:14:20 PM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> Sonic Solutions [Ver = 2.03.16a | Size = 20576 bytes | Modified Date = 8/2/2004 2:03:00 AM | Attr = ]
(RT73) Linksys Home Wireless-G USB Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\rt73.sys -> Ralink Technology, Corp. [Ver = 1.00.02.0000 | Size = 245248 bytes | Modified Date = 11/24/2005 8:51:38 PM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 AM | Attr = ]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.4060 | Size = 612352 bytes | Modified Date = 4/9/2004 2:41:30 PM | Attr = ]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\System32\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 5627 bytes | Modified Date = 7/14/2004 11:29:04 AM | Attr = ]
(ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\System32\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 23545 bytes | Modified Date = 7/14/2004 11:28:50 AM | Attr = ]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\System32\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25723 bytes | Modified Date = 8/13/2004 1:05:00 AM | Attr = ]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\System32\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34843 bytes | Modified Date = 8/13/2004 1:05:00 AM | Attr = ]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\System32\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4123 bytes | Modified Date = 8/13/2004 1:05:00 AM | Attr = ]
(tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\System32\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2239 bytes | Modified Date = 8/13/2004 1:05:00 AM | Attr = ]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\System32\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86202 bytes | Modified Date = 8/13/2004 1:05:00 AM | Attr = ]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\System32\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 14715 bytes | Modified Date = 8/13/2004 1:05:00 AM | Attr = ]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\System32\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6363 bytes | Modified Date = 8/13/2004 1:05:00 AM | Attr = ]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\System32\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98714 bytes | Modified Date = 8/13/2004 1:05:00 AM | Attr = ]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\System32\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100603 bytes | Modified Date = 8/13/2004 1:05:00 AM | Attr = ]
(GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\GTNDIS5.SYS -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.54 | Size = 15872 bytes | Modified Date = 9/25/2003 11:15:32 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
aiepk -> %UserProfile%\Desktop\aiepk2.exe [C:\Documents and Settings\ChadStewart\Desktop\aiepk2.exe] -> Fadsoft.com [Ver = 2, 0, 0, 1 | Size = 16896 bytes | Modified Date = 1/18/2004 12:55:22 PM | Attr = ]
BM33d6f161 -> %SystemRoot%\system32\lwyestqy.dll [Rundll32.exe "C:\WINDOWS\system32\lwyestqy.dll",s] -> [Ver = | Size = 90960 bytes | Modified Date = 5/24/2008 6:47:46 PM | Attr = ]
dla -> %SystemRoot%\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> Sonic Solutions [Ver = 1.04.08a | Size = 122939 bytes | Modified Date = 8/13/2004 1:05:00 AM | Attr = ]
HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe ["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"] -> Hewlett-Packard Company [Ver = 2.1.1 | Size = 233472 bytes | Modified Date = 10/23/2003 7:51:18 PM | Attr = ]
HP Software Update -> %ProgramFiles%\Hewlett-Packard\HP Software Update\HPWuSchd.exe ["C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"] -> Hewlett-Packard [Ver = 1, 0, 0, 2 | Size = 49152 bytes | Modified Date = 6/25/2003 11:24:48 AM | Attr = ]
HPDJ Taskbar Utility -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe] -> HP [Ver = 2.236.2.0 | Size = 188416 bytes | Modified Date = 1/13/2006 3:14:58 AM | Attr = ]
IEUpdate -> %SystemRoot%\system32\12520850k.exe [C:\WINDOWS\system32\12520850k.exe] -> File not found
igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 2:46:34 PM | Attr = ]
igfxpers -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 2:50:30 PM | Attr = ]
igfxtray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Modified Date = 10/14/2005 2:49:46 PM | Attr = ]
ISTray -> %ProgramFiles%\Spyware Doctor\pctsTray.exe ["C:\Program Files\Spyware Doctor\pctsTray.exe"] -> PC Tools [Ver = 5.5.1.1 | Size = 1107848 bytes | Modified Date = 4/10/2008 3:14:30 PM | Attr = ]
lphc762j0eaep -> %SystemRoot%\system32\lphc762j0eaep.exe [C:\WINDOWS\system32\lphc762j0eaep.exe] -> [Ver = | Size = 93184 bytes | Modified Date = 6/2/2008 5:31:36 PM | Attr = ]
McAfeeUpdaterUI -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe ["C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey] -> Network Associates, Inc. [Ver = 3.5.0.412 | Size = 139320 bytes | Modified Date = 8/6/2004 3:50:00 AM | Attr = ]
Network Associates Error Reporting Service -> %CommonProgramFiles%\Network Associates\TalkBack\TBMon.exe ["C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"] -> Network Associates, Inc. [Ver = 2.0.275.0 | Size = 147514 bytes | Modified Date = 10/7/2003 9:48:56 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 8/27/2006 11:54:21 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix\RunThis.bat [C:\SDFix\RunThis.bat /second] -> [Ver = | Size = 698551 bytes | Modified Date = 5/27/2008 3:11:58 AM | Attr = ]
ShStatEXE -> %ProgramFiles%\Network Associates\VirusScan\SHSTAT.EXE ["C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE] -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 8/18/2004 8:00:00 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_03\bin\jusched.exe [C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe] -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 36975 bytes | Modified Date = 4/13/2005 3:48:52 AM | Attr = ]
UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe ["C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r] -> Sonic Solutions [Ver = 1.01.33b | Size = 110592 bytes | Modified Date = 1/7/2004 1:01:00 AM | Attr = ]
WD Button Manager -> WDBtnMgr.exe [WDBtnMgr.exe] -> File not found
< RunServices [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices ->
IEUpdate -> %SystemRoot%\system32\12520850k.exe [C:\WINDOWS\system32\12520850k.exe] -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Esbh -> %SystemRoot%\system32\PPATCH~1\wuaclt.exe ["C:\WINDOWS\system32\PPATCH~1\wuaclt.exe" -vt yazb] -> File not found
IEUpdate -> %SystemRoot%\system32\12520850k.exe [C:\WINDOWS\system32\12520850k.exe] -> File not found
Ixqjiux -> %ProgramFiles%\Mіcrosoft\аti2evxx.exe ["C:\Program Files\Mіcrosoft\аti2evxx.exe"] -> File not found
< RunServices [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices ->
IEUpdate -> %SystemRoot%\system32\12520850k.exe [C:\WINDOWS\system32\12520850k.exe] -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 4:44:06 AM | Attr = ]
< ChadStewart Startup Folder > -> C:\Documents and Settings\ChadStewart\Start Menu\Programs\Startup ->
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ ->
Your Image File Name Here without a path -> [Debugger] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> Explorer.exe -> File not found
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\vbpdtvdp.exe -> %SystemRoot%\system32\vbpdtvdp.exe -> Microsoft [Ver = 2.34.0799 | Size = 87513 bytes | Modified Date = 5/24/2008 6:38:45 PM | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> logonui.exe -> File not found
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> -> File not found
Control_RunDLL "sysdm.cpl" -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4410 | Size = 135168 bytes | Modified Date = 10/14/2005 2:45:38 PM | Attr = ]
nnnnNGYS -> nnnnNGYS.dll -> File not found
WinCtrl32 -> WinCtrl32.dll -> File not found

Edited by djprofit, 05 June 2008 - 06:06 PM.

  • 0

#13
djprofit

djprofit

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Part 2:

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 1 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSAMSUNG_DVD-ROM_SD-616E_________________F501____\5&1ce3bd75&0&0.0.0 [IDE\CdRomSAMSUNG_DVD-ROM_SD-616E_________________F501____\5&1ce3bd75&0&0.0.0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomSAMSUNG_CD-R/RW_SW-252S_________________R902____\5&1ce3bd75&0&0.1.0 [IDE\CdRomSAMSUNG_CD-R/RW_SW-252S_________________R902____\5&1ce3bd75&0&0.1.0] -> File not found
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 8/17/2006 8:37:31 AM | Attr = ]
autorun.inf [[autorun] | open=Launch.exe | icon=Launch.exe | ] -> D:\autorun.inf [ NTFS ] -> [Ver = | Size = 45 bytes | Modified Date = 6/6/2007 12:19:26 PM | Attr = ]
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft...p...&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft...p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> ->
HKEY_CURRENT_USER\: Main\\Search Page -> ->
HKEY_CURRENT_USER\: Main\\Start Page -> about:blank ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{00110011-4b0b-44d5-9718-90c88817369b} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{086ae192-23a6-48d6-96ec-715f53797e85} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{150fa160-130d-451f-b863-b655061432ba} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{2d38a51a-23c9-48a1-a33c-48675aa2b494} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{2e9caff6-30c7-4208-8807-e79d4ec6f806} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{5321e378-ffad-4999-8c62-03ca8155f0b3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{587dbf2d-9145-4c9e-92c2-1f953da73773} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{79369d5c-2903-4b7a-ade2-d5e0dee14d24} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{799a370d-5993-4887-9df7-0a4756a77d00} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{98dbbf16-ca43-4c33-be80-99e6694468a4} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{a55581dc-2cdb-4089-8878-71a080b22342} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{b847676d-72ac-4393-bfff-43a1eb979352} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{bc97b254-b2b9-4d40-971d-78e0978f5f26} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Free Download Manager\iefdmcks.dll [FDMIECookiesBHO Class] -> [Ver = | Size = 81920 bytes | Modified Date = 8/20/2006 8:55:00 PM | Attr = ]
{cf021f40-3e14-23a5-cba2-717765721306} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{e2ddf680-9905-4dee-8c64-0a5de7fe133c} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{e7afff2a-1b57-49c7-bf6b-e5123394c970} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{fd9bc004-8331-4457-b830-4759ff704c22} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Download all with Free Download Manager -> file://%ProgramFiles%\Free Download Manager\dlall.htm -> File not found
Download selected with Free Download Manager -> file://%ProgramFiles%\Free Download Manager\dlselected.htm -> File not found
Download with Free Download Manager -> file://%ProgramFiles%\Free Download Manager\dllink.htm -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...d...=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0EF8CDD7-F7C1-4339-A087-327494269C7D} -> (Compact Wireless-G USB Adapter) ->
{2B732375-AA15-4EC0-AE96-B33DAFB917E5} -> (Intel® PRO/100 VE Network Connection) ->
{2DAEF5BC-D324-4C23-A4DF-89E23A26DB11} -> () ->
{84479F13-888B-4EC6-BFDF-9E87ECE3EA8A} -> (Compact Wireless-G USB Adapter) ->
{BBC524EB-F826-4F51-B5D6-4843B8820033} -> (Compact Wireless-G USB Adapter) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000020 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000021 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000022 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000023 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 91, 0 | Size = 190344 bytes | Modified Date = 4/10/2008 3:14:22 PM | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.1 | Size = 81920 bytes | Modified Date = 10/23/2003 7:51:20 PM | Attr = ]
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.micros...b?1155821185703[WUWebControl Class] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> ->
#14
djprofit

Topic Starter
Member
11 posts
Part 3:

[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\IEUpdate -> C:\WINDOWS\system32\12520850k.exe [C:\WINDOWS\system32\12520850k.exe] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 748 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\IEUpdate -> C:\WINDOWS\system32\12520850k.exe [C:\WINDOWS\system32\12520850k.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 4B 3B 47 D8 2F 59 17 20 11 92 D7 81 47 97 80 23 66 33 30 38 36 65 65 33 00 FD 07 00 3E 55 00 00 34 FA 07 00 4E 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 4F 3D DD 36 AA 9F 08 7D 07 B8 80 F3 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 5F 44 D6 F5 97 8A 19 CF C6 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 85 D0 3E 60 E1 C2 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> E8 F2 3B 93 CD 9B 02 6E 0F 21 A7 DC FB 34 08 91 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 88 FB 43 66 01 C2 C6 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 CE 2E 70 DF 79 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 CE 2E 70 DF 79 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 CE 2E 70 DF 79 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 16373 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Free Music Zilla\FMZilla.exe -> C:\Program Files\Free Music Zilla\FMZilla.exe [C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla Module] -> [Ver = 1, 0, 0, 5 | Size = 626688 bytes | Modified Date = 10/17/2007 9:45:42 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitComet\BitComet.exe -> C:\Program Files\BitComet\BitComet.exe [C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client] -> www.BitComet.com [Ver = 0.62. | Size = 2678784 bytes | Modified Date = 2/13/2006 1:02:48 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent] -> [Ver = | Size = 472368 bytes | Modified Date = 5/24/2008 6:39:01 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\ChadStewart\Profit Docs\ebay\various stuff\utorrent.exe -> C:\Documents and Settings\ChadStewart\Profit Docs\ebay\various stuff\utorrent.exe [C:\Documents and Settings\ChadStewart\Profit Docs\ebay\various stuff\utorrent.exe:*:Disabled:utorrent] -> [Ver = | Size = 133120 bytes | Modified Date = 2/21/2006 4:47:21 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\ChadStewart\Profit Docs\ebay\utorrent.exe -> C:\Documents and Settings\ChadStewart\Profit Docs\ebay\utorrent.exe [C:\Documents and Settings\ChadStewart\Profit Docs\ebay\utorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 6/2/2008 5:04:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\51545:TCP -> 51545:TCP:*:Enabled:192.168.1.2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService ->
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService ->
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ]
TCPIP -> -> File not found
NTLMSSP -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->


[Files/Folders - Created Within 30 days]
327882R2FWJFW -> %SystemDrive%\327882R2FWJFW -> [Folder | Created Date = 5/27/2008 2:23:33 PM | Attr = ]
1 C:\*.tmp files -> C:\*.tmp ->
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 5/28/2008 7:57:27 PM | Attr = ]
ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1039 built by: WinDDK | Size = 42376 bytes | Created Date = 5/26/2008 7:47:59 PM | Attr = ]
iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 5/26/2008 7:47:59 PM | Attr = ]
iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Created Date = 5/26/2008 7:47:59 PM | Attr = ]
kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 5/26/2008 7:47:59 PM | Attr = ]
pctfw2.sys -> %SystemRoot%\System32\drivers\pctfw2.sys -> PC Tools [Ver = 3, 0, 1, 11 | Size = 159880 bytes | Created Date = 5/26/2008 7:48:16 PM | Attr = ]
1064a -> %SystemRoot%\System32\1064a -> [Folder | Created Date = 5/24/2008 6:39:01 PM | Attr = ]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
at1 -> %SystemRoot%\System32\at1 -> [Folder | Created Date = 5/24/2008 6:39:01 PM | Attr = ]
blphc762j0eaep.scr -> %SystemRoot%\System32\blphc762j0eaep.scr -> Peter's Productions [Ver = 2.00.0002 | Size = 52736 bytes | Created Date = 6/2/2008 5:31:41 PM | Attr = ]
dvd2 -> %SystemRoot%\System32\dvd2 -> [Folder | Created Date = 5/24/2008 6:39:01 PM | Attr = ]
epempsdh.ini -> %SystemRoot%\System32\epempsdh.ini -> [Ver = | Size = 1433886 bytes | Created Date = 5/24/2008 6:49:13 PM | Attr = HS]
g39.exe -> %SystemRoot%\System32\g39.exe -> [Ver = | Size = 401963 bytes | Created Date = 5/24/2008 6:39:13 PM | Attr = ]
GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Created Date = 5/25/2008 10:05:08 PM | Attr = H ]
hI2 -> %SystemRoot%\System32\hI2 -> [Folder | Created Date = 5/24/2008 6:39:01 PM | Attr = ]
jjbmnktq.exe -> %SystemRoot%\System32\jjbmnktq.exe -> [Ver = | Size = 2560 bytes | Created Date = 5/24/2008 6:52:01 PM | Attr = ]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Created Date = 5/27/2008 2:38:30 PM | Attr = ]
lphc762j0eaep.exe -> %SystemRoot%\System32\lphc762j0eaep.exe -> [Ver = | Size = 93184 bytes | Created Date = 6/2/2008 5:31:36 PM | Attr = ]
lwyestqy.dll -> %SystemRoot%\System32\lwyestqy.dll -> [Ver = | Size = 90960 bytes | Created Date = 5/24/2008 6:47:45 PM | Attr = ]
phc762j0eaep.bmp -> %SystemRoot%\System32\phc762j0eaep.bmp -> [Ver = | Size = 90838 bytes | Created Date = 6/2/2008 5:31:38 PM | Attr = ]
vbpdtvdp.exe -> %SystemRoot%\System32\vbpdtvdp.exe -> Microsoft [Ver = 2.34.0799 | Size = 87513 bytes | Created Date = 5/24/2008 6:38:45 PM | Attr = ]
Ycfggfii.ini -> %SystemRoot%\System32\Ycfggfii.ini -> [Ver = | Size = 919094 bytes | Created Date = 5/24/2008 6:45:52 PM | Attr = HS]
Ycfggfii.ini2 -> %SystemRoot%\System32\Ycfggfii.ini2 -> [Ver = | Size = 919094 bytes | Created Date = 5/24/2008 6:45:52 PM | Attr = HS]
?dobe -> %SystemRoot%\System32\Αdobe -> [Folder | Modified Date = 7/1/2007 1:41:11 AM | Attr = ]
??pPatch -> %SystemRoot%\System32\ΑрpPatch -> [Folder | Modified Date = 5/25/2008 7:17:46 PM | Attr = ]
accesss.exe -> %SystemRoot%\accesss.exe -> [Ver = | Size = 28416 bytes | Created Date = 5/28/2008 8:36:29 PM | Attr = ]
astctl32.ocx -> %SystemRoot%\astctl32.ocx -> [Ver = | Size = 26112 bytes | Created Date = 5/28/2008 8:36:29 PM | Attr = ]
avpcc.dll -> %SystemRoot%\avpcc.dll -> [Ver = | Size = 29696 bytes | Created Date = 5/28/2008 8:36:29 PM | Attr = ]
BM33d6f161.xml -> %SystemRoot%\BM33d6f161.xml -> [Ver = | Size = 109812 bytes | Created Date = 5/26/2008 7:44:37 PM | Attr = ]
clrssn.exe -> %SystemRoot%\clrssn.exe -> [Ver = | Size = 26368 bytes | Created Date = 5/28/2008 8:36:30 PM | Attr = ]
cpan.dll -> %SystemRoot%\cpan.dll -> [Ver = | Size = 22784 bytes | Created Date = 5/28/2008 8:36:30 PM | Attr = ]
ctfmon32.exe -> %SystemRoot%\ctfmon32.exe -> [Ver = | Size = 19200 bytes | Created Date = 5/28/2008 8:36:30 PM | Attr = ]
ctrlpan.dll -> %SystemRoot%\ctrlpan.dll -> [Ver = | Size = 27136 bytes | Created Date = 5/28/2008 8:36:30 PM | Attr = ]
default.htm -> %SystemRoot%\default.htm -> [Ver = | Size = 1853 bytes | Created Date = 5/28/2008 8:35:29 PM | Attr = ]
directx32.exe -> %SystemRoot%\directx32.exe -> [Ver = | Size = 26624 bytes | Created Date = 5/28/2008 8:36:31 PM | Attr = ]
dnsrelay.dll -> %SystemRoot%\dnsrelay.dll -> [Ver = | Size = 9984 bytes | Created Date = 5/28/2008 8:36:31 PM | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 5/28/2008 8:02:43 PM | Attr = ]
36 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
explore.exe -> %SystemRoot%\explore.exe -> [Ver = | Size = 19968 bytes | Created Date = 5/28/2008 8:36:31 PM | Attr = ]
explorer32.exe -> %SystemRoot%\explorer32.exe -> [Ver = | Size = 9728 bytes | Created Date = 5/28/2008 8:36:31 PM | Attr = ]
funniest.exe -> %SystemRoot%\funniest.exe -> [Ver = | Size = 11776 bytes | Created Date = 5/28/2008 8:36:31 PM | Attr = ]
funny.exe -> %SystemRoot%\funny.exe -> [Ver = | Size = 12032 bytes | Created Date = 5/28/2008 8:36:32 PM | Attr = ]
gfmnaaa.dll -> %SystemRoot%\gfmnaaa.dll -> [Ver = | Size = 19712 bytes | Created Date = 5/28/2008 8:36:32 PM | Attr = ]
helpcvs.exe -> %SystemRoot%\helpcvs.exe -> [Ver = | Size = 18432 bytes | Created Date = 5/28/2008 8:36:32 PM | Attr = ]
inetinf.exe -> %SystemRoot%\inetinf.exe -> [Ver = | Size = 29184 bytes | Created Date = 5/28/2008 8:36:33 PM | Attr = ]
loader.exe -> %SystemRoot%\loader.exe -> [Ver = | Size = 25856 bytes | Created Date = 5/28/2008 8:36:33 PM | Attr = ]
mainms.vpi -> %SystemRoot%\mainms.vpi -> [Ver = | Size = 138 bytes | Created Date = 5/24/2008 6:38:44 PM | Attr = RHS]
msspi.dll -> %SystemRoot%\msspi.dll -> [Ver = | Size = 15104 bytes | Created Date = 5/28/2008 8:36:33 PM | Attr = ]
mswsc10.dll -> %SystemRoot%\mswsc10.dll -> [Ver = | Size = 19968 bytes | Created Date = 5/28/2008 8:36:34 PM | Attr = ]
mswsc20.dll -> %SystemRoot%\mswsc20.dll -> [Ver = | Size = 32512 bytes | Created Date = 5/28/2008 8:36:34 PM | Attr = ]
mtwirl32.dll -> %SystemRoot%\mtwirl32.dll -> [Ver = | Size = 14848 bytes | Created Date = 5/28/2008 8:36:34 PM | Attr = ]
olehelp.exe -> %SystemRoot%\olehelp.exe -> [Ver = | Size = 27904 bytes | Created Date = 5/28/2008 8:36:35 PM | Attr = ]
pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 21 bytes | Created Date = 5/26/2008 7:44:37 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 6/3/2008 2:49:35 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 6/3/2008 2:49:35 PM | Attr = H ]
qttasks.exe -> %SystemRoot%\qttasks.exe -> [Ver = | Size = 21248 bytes | Created Date = 5/28/2008 8:36:35 PM | Attr = ]
rundll32.vbe -> %SystemRoot%\rundll32.vbe -> [Ver = | Size = 15104 bytes | Created Date = 5/28/2008 8:36:35 PM | Attr = ]
searchword.dll -> %SystemRoot%\searchword.dll -> [Ver = | Size = 29952 bytes | Created Date = 5/28/2008 8:36:36 PM | Attr = ]
sistem.exe -> %SystemRoot%\sistem.exe -> [Ver = | Size = 11520 bytes | Created Date = 5/28/2008 8:36:36 PM | Attr = ]
svcinit.exe -> %SystemRoot%\svcinit.exe -> [Ver = | Size = 8704 bytes | Created Date = 5/28/2008 8:36:36 PM | Attr = ]
systeem.exe -> %SystemRoot%\systeem.exe -> [Ver = | Size = 32000 bytes | Created Date = 5/28/2008 8:36:36 PM | Attr = ]
systemcritical.exe -> %SystemRoot%\systemcritical.exe -> [Ver = | Size = 13568 bytes | Created Date = 5/28/2008 8:36:37 PM | Attr = ]
time.exe -> %SystemRoot%\time.exe -> [Ver = | Size = 15616 bytes | Created Date = 5/28/2008 8:36:37 PM | Attr = ]
users32.exe -> %SystemRoot%\users32.exe -> [Ver = | Size = 25344 bytes | Created Date = 5/28/2008 8:36:37 PM | Attr = ]
waol.exe -> %SystemRoot%\waol.exe -> [Ver = | Size = 9984 bytes | Created Date = 5/28/2008 8:36:37 PM | Attr = ]
win32e.exe -> %SystemRoot%\win32e.exe -> [Ver = | Size = 28928 bytes | Created Date = 5/28/2008 8:36:38 PM | Attr = ]
win64.exe -> %SystemRoot%\win64.exe -> [Ver = | Size = 23552 bytes | Created Date = 5/28/2008 8:36:38 PM | Attr = ]
winajbm.dll -> %SystemRoot%\winajbm.dll -> [Ver = | Size = 11008 bytes | Created Date = 5/28/2008 8:36:38 PM | Attr = ]
winmgnt.exe -> %SystemRoot%\winmgnt.exe -> [Ver = | Size = 19200 bytes | Created Date = 5/28/2008 8:36:38 PM | Attr = ]
x.exe -> %SystemRoot%\x.exe -> [Ver = | Size = 30720 bytes | Created Date = 5/28/2008 8:36:38 PM | Attr = ]
xplugin.dll -> %SystemRoot%\xplugin.dll -> [Ver = | Size = 10752 bytes | Created Date = 5/28/2008 8:36:38 PM | Attr = ]
xxxvideo.hta -> %SystemRoot%\xxxvideo.hta -> [Ver = | Size = 10752 bytes | Created Date = 5/28/2008 8:36:39 PM | Attr = ]
y.exe -> %SystemRoot%\y.exe -> [Ver = | Size = 16896 bytes | Created Date = 5/28/2008 8:36:39 PM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
PC Tools -> %AllUsersProfile%\Application Data\PC Tools -> [Folder | Created Date = 5/26/2008 7:47:51 PM | Attr = ]
TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 5/26/2008 7:21:00 PM | Attr = ]
@Alternate Data Stream - 190 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
PC Tools -> %AppData%\PC Tools -> [Folder | Created Date = 5/26/2008 7:47:51 PM | Attr = ]
?ystem -> %UserProfile%\My Documents\ѕystem -> [Folder | Modified Date = 8/11/2007 1:57:09 PM | Attr = ]
Spyware Doctor.lnk -> %AllUsersProfile%\Desktop\Spyware Doctor.lnk -> [Ver = | Size = 1637 bytes | Created Date = 5/26/2008 7:48:06 PM | Attr = ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 5/27/2008 2:25:15 PM | Attr = ]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1955921 bytes | Created Date = 5/27/2008 2:22:32 PM | Attr = ]
HijackThis.exe -> %UserProfile%\Desktop\HijackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 396288 bytes | Created Date = 5/26/2008 7:12:06 PM | Attr = ]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1403 bytes | Created Date = 5/26/2008 7:12:06 PM | Attr = ]
HJ.exe -> %UserProfile%\Desktop\HJ.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 5/26/2008 7:10:09 PM | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 6/4/2008 11:39:44 AM | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 545259 bytes | Created Date = 5/29/2008 11:03:53 PM | Attr = ]
ProcessExplorer -> %UserProfile%\Desktop\ProcessExplorer -> [Folder | Created Date = 5/26/2008 7:15:38 PM | Attr = ]
ProcessExplorer.zip -> %UserProfile%\Desktop\ProcessExplorer.zip -> [Ver = | Size = 1604124 bytes | Created Date = 5/26/2008 7:14:54 PM | Attr = ]
scan.htm -> %UserProfile%\Desktop\scan.htm -> [Ver = | Size = 607047 bytes | Created Date = 5/27/2008 12:09:28 PM | Attr = ]
sdasetup.exe -> %UserProfile%\Desktop\sdasetup.exe -> PC Tools [Ver = 5.5.1.322 | Size = 31403344 bytes | Created Date = 5/26/2008 7:10:55 PM | Attr = ]
SDFix.exe -> %UserProfile%\Desktop\SDFix.exe -> [Ver = | Size = 1681135 bytes | Created Date = 5/28/2008 7:55:45 PM | Attr = ]
PC Tools -> %CommonProgramFiles%\PC Tools -> [Folder | Created Date = 5/26/2008 7:48:01 PM | Attr = ]
s?curity -> %CommonProgramFiles%\sеcurity -> [Folder | Modified Date = 6/30/2007 9:21:49 PM | Attr = ]
Spyware Doctor -> %ProgramFiles%\Spyware Doctor -> [Folder | Created Date = 5/26/2008 7:47:51 PM | Attr = ]
uTorrent -> %ProgramFiles%\uTorrent -> [Folder | Created Date = 5/24/2008 6:38:54 PM | Attr = ]
?ystem32 -> %ProgramFiles%\ѕystem32 -> [Folder | Modified Date = 8/11/2007 1:56:59 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
327882R2FWJFW -> %SystemDrive%\327882R2FWJFW -> [Folder | Modified Date = 5/29/2008 7:28:58 PM | Attr = ]
1 C:\*.tmp files -> C:\*.tmp ->
Music -> %SystemDrive%\Music -> [Folder | Modified Date = 6/3/2008 3:35:28 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/27/2008 3:03:59 PM | Attr = ]
quarantine -> %SystemDrive%\quarantine -> [Folder | Modified Date = 5/25/2008 7:18:46 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 6/4/2008 11:32:31 AM | Attr = ]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 6/3/2008 4:23:30 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/4/2008 11:33:45 AM | Attr = ]
etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 5/28/2008 8:15:44 PM | Attr = ]
HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [Ver = | Size = 686 bytes | Modified Date = 5/28/2008 8:15:44 PM | Attr = ]
1064a -> %SystemRoot%\System32\1064a -> [Folder | Modified Date = 5/24/2008 7:52:20 PM | Attr = ]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Modified Date = 5/5/2008 7:19:53 PM | Attr = ]
at1 -> %SystemRoot%\System32\at1 -> [Folder | Modified Date = 5/24/2008 7:52:20 PM | Attr = ]
blphc762j0eaep.scr -> %SystemRoot%\System32\blphc762j0eaep.scr -> Peter's Productions [Ver = 2.00.0002 | Size = 52736 bytes | Modified Date = 6/4/2008 11:31:47 AM | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 6/3/2008 4:43:51 PM | Attr = ]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 5/27/2008 12:07:24 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 6/4/2008 11:33:54 AM | Attr = ]
dvd2 -> %SystemRoot%\System32\dvd2 -> [Folder | Modified Date = 5/24/2008 6:39:01 PM | Attr = ]
epempsdh.ini -> %SystemRoot%\System32\epempsdh.ini -> [Ver = | Size = 1433886 bytes | Modified Date = 5/26/2008 7:47:46 PM | Attr = HS]
g39.exe -> %SystemRoot%\System32\g39.exe -> [Ver = | Size = 401963 bytes | Modified Date = 5/24/2008 6:39:14 PM | Attr = ]
GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Modified Date = 5/25/2008 10:05:18 PM | Attr = H ]
hI2 -> %SystemRoot%\System32\hI2 -> [Folder | Modified Date = 5/24/2008 7:52:20 PM | Attr = ]
jjbmnktq.exe -> %SystemRoot%\System32\jjbmnktq.exe -> [Ver = | Size = 2560 bytes | Modified Date = 5/24/2008 6:52:01 PM | Attr = ]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Modified Date = 5/27/2008 2:38:30 PM | Attr = ]
lphc762j0eaep.exe -> %SystemRoot%\System32\lphc762j0eaep.exe -> [Ver = | Size = 93184 bytes | Modified Date = 6/2/2008 5:31:36 PM | Attr = ]
lwyestqy.dll -> %SystemRoot%\System32\lwyestqy.dll -> [Ver = | Size = 90960 bytes | Modified Date = 5/24/2008 6:47:46 PM | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 59780 bytes | Modified Date = 5/26/2008 7:29:14 PM | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 397560 bytes | Modified Date = 5/26/2008 7:29:14 PM | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 464860 bytes | Modified Date = 5/26/2008 7:29:13 PM | Attr = ]
phc762j0eaep.bmp -> %SystemRoot%\System32\phc762j0eaep.bmp -> [Ver = | Size = 90838 bytes | Modified Date = 6/4/2008 11:31:43 AM | Attr = ]
vbpdtvdp.exe -> %SystemRoot%\System32\vbpdtvdp.exe -> Microsoft [Ver = 2.34.0799 | Size = 87513 bytes | Modified Date = 5/24/2008 6:38:45 PM | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 6/4/2008 11:33:45 AM | Attr = ]
Ycfggfii.ini -> %SystemRoot%\System32\Ycfggfii.ini -> [Ver = | Size = 919094 bytes | Modified Date = 5/26/2008 7:54:15 PM | Attr = HS]
Ycfggfii.ini2 -> %SystemRoot%\System32\Ycfggfii.ini2 -> [Ver = | Size = 919094 bytes | Modified Date = 5/26/2008 7:52:28 PM | Attr = HS]
?dobe -> %SystemRoot%\System32\Αdobe -> [Folder | Modified Date = 7/1/2007 1:41:11 AM | Attr = ]
??pPatch -> %SystemRoot%\System32\ΑрpPatch -> [Folder | Modified Date = 5/25/2008 7:17:46 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 5/20/2008 4:37:07 PM | Attr = H ]
36 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
accesss.exe -> %SystemRoot%\accesss.exe -> [Ver = | Size = 28416 bytes | Modified Date = 5/28/2008 8:36:29 PM | Attr = ]
astctl32.ocx -> %SystemRoot%\astctl32.ocx -> [Ver = | Size = 26112 bytes | Modified Date = 5/28/2008 8:36:29 PM | Attr = ]
avpcc.dll -> %SystemRoot%\avpcc.dll -> [Ver = | Size = 29696 bytes | Modified Date = 5/28/2008 8:36:29 PM | Attr = ]
BM33d6f161.xml -> %SystemRoot%\BM33d6f161.xml -> [Ver = | Size = 109812 bytes | Modified Date = 6/3/2008 2:49:22 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/4/2008 11:31:33 AM | Attr = S]
clrssn.exe -> %SystemRoot%\clrssn.exe -> [Ver = | Size = 26368 bytes | Modified Date = 5/28/2008 8:36:30 PM | Attr = ]
cpan.dll -> %SystemRoot%\cpan.dll -> [Ver = | Size = 22784 bytes | Modified Date = 5/28/2008 8:36:30 PM | Attr = ]
ctfmon32.exe -> %SystemRoot%\ctfmon32.exe -> [Ver = | Size = 19200 bytes | Modified Date = 5/28/2008 8:36:30 PM | Attr = ]
ctrlpan.dll -> %SystemRoot%\ctrlpan.dll -> [Ver = | Size = 27136 bytes | Modified Date = 5/28/2008 8:36:30 PM | Attr = ]
default.htm -> %SystemRoot%\default.htm -> [Ver = | Size = 1853 bytes | Modified Date = 6/4/2008 11:33:43 AM | Attr = ]
directx32.exe -> %SystemRoot%\directx32.exe -> [Ver = | Size = 26624 bytes | Modified Date = 5/28/2008 8:36:31 PM | Attr = ]
dnsrelay.dll -> %SystemRoot%\dnsrelay.dll -> [Ver = | Size = 9984 bytes | Modified Date = 5/28/2008 8:36:31 PM | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 5/28/2008 8:02:56 PM | Attr = ]
explore.exe -> %SystemRoot%\explore.exe -> [Ver = | Size = 19968 bytes | Modified Date = 5/28/2008 8:36:31 PM | Attr = ]
explorer32.exe -> %SystemRoot%\explorer32.exe -> [Ver = | Size = 9728 bytes | Modified Date = 5/28/2008 8:36:31 PM | Attr = ]
funniest.exe -> %SystemRoot%\funniest.exe -> [Ver = | Size = 11776 bytes | Modified Date = 5/28/2008 8:36:31 PM | Attr = ]
funny.exe -> %SystemRoot%\funny.exe -> [Ver = | Size = 12032 bytes | Modified Date = 5/28/2008 8:36:32 PM | Attr = ]
gfmnaaa.dll -> %SystemRoot%\gfmnaaa.dll -> [Ver = | Size = 19712 bytes | Modified Date = 5/28/2008 8:36:32 PM | Attr = ]
helpcvs.exe -> %SystemRoot%\helpcvs.exe -> [Ver = | Size = 18432 bytes | Modified Date = 5/28/2008 8:36:32 PM | Attr = ]
inetinf.exe -> %SystemRoot%\inetinf.exe -> [Ver = | Size = 29184 bytes | Modified Date = 5/28/2008 8:36:33 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/27/2008 2:38:30 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/24/2008 6:46:03 PM | Attr = HS]
loader.exe -> %SystemRoot%\loader.exe -> [Ver = | Size = 25856 bytes | Modified Date = 5/28/2008 8:36:33 PM | Attr = ]
mainms.vpi -> %SystemRoot%\mainms.vpi -> [Ver = | Size = 138 bytes | Modified Date = 5/24/2008 6:38:44 PM | Attr = RHS]
msspi.dll -> %SystemRoot%\msspi.dll -> [Ver = | Size = 15104 bytes | Modified Date = 5/28/2008 8:36:33 PM | Attr = ]
mswsc10.dll -> %SystemRoot%\mswsc10.dll -> [Ver = | Size = 19968 bytes | Modified Date = 5/28/2008 8:36:34 PM | Attr = ]
mswsc20.dll -> %SystemRoot%\mswsc20.dll -> [Ver = | Size = 32512 bytes | Modified Date = 5/28/2008 8:36:34 PM | Attr = ]
mtwirl32.dll -> %SystemRoot%\mtwirl32.dll -> [Ver = | Size = 14848 bytes | Modified Date = 5/28/2008 8:36:34 PM | Attr = ]
olehelp.exe -> %SystemRoot%\olehelp.exe -> [Ver = | Size = 27904 bytes | Modified Date = 5/28/2008 8:36:35 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/4/2008 11:40:09 AM | Attr = ]
pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 21 bytes | Modified Date = 6/3/2008 10:40:30 AM | Attr = ]
Q2hhZA -> %SystemRoot%\Q2hhZA -> [Folder | Modified Date = 5/24/2008 7:54:53 PM | Attr = HS]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 6/3/2008 2:49:35 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 6/3/2008 2:49:35 PM | Attr = H ]
qttasks.exe -> %SystemRoot%\qttasks.exe -> [Ver = | Size = 21248 bytes | Modified Date = 5/28/2008 8:36:35 PM | Attr = ]

Edited by djprofit, 05 June 2008 - 06:05 PM.

#15 djprofit (Topic Starter, Member, 11 posts)
Part 4:

randseed.rnd -> %SystemRoot%\randseed.rnd -> [Ver = | Size = 512 bytes | Modified Date = 6/4/2008 11:36:45 AM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 5/5/2008 7:01:47 PM | Attr = ]
rundll32.vbe -> %SystemRoot%\rundll32.vbe -> [Ver = | Size = 15104 bytes | Modified Date = 5/28/2008 8:36:35 PM | Attr = ]
searchword.dll -> %SystemRoot%\searchword.dll -> [Ver = | Size = 29952 bytes | Modified Date = 5/28/2008 8:36:36 PM | Attr = ]
sistem.exe -> %SystemRoot%\sistem.exe -> [Ver = | Size = 11520 bytes | Modified Date = 5/28/2008 8:36:36 PM | Attr = ]
svcinit.exe -> %SystemRoot%\svcinit.exe -> [Ver = | Size = 8704 bytes | Modified Date = 5/28/2008 8:36:36 PM | Attr = ]
systeem.exe -> %SystemRoot%\systeem.exe -> [Ver = | Size = 32000 bytes | Modified Date = 5/28/2008 8:36:36 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 257 bytes | Modified Date = 6/3/2008 12:33:04 PM | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 6/2/2008 5:31:41 PM | Attr = ]
systemcritical.exe -> %SystemRoot%\systemcritical.exe -> [Ver = | Size = 13568 bytes | Modified Date = 5/28/2008 8:36:37 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 5/27/2008 3:03:59 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/4/2008 11:36:43 AM | Attr = ]
time.exe -> %SystemRoot%\time.exe -> [Ver = | Size = 15616 bytes | Modified Date = 5/28/2008 8:36:37 PM | Attr = ]
users32.exe -> %SystemRoot%\users32.exe -> [Ver = | Size = 25344 bytes | Modified Date = 5/28/2008 8:36:37 PM | Attr = ]
waol.exe -> %SystemRoot%\waol.exe -> [Ver = | Size = 9984 bytes | Modified Date = 5/28/2008 8:36:37 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 884 bytes | Modified Date = 6/3/2008 12:33:04 PM | Attr = ]
win32e.exe -> %SystemRoot%\win32e.exe -> [Ver = | Size = 28928 bytes | Modified Date = 5/28/2008 8:36:38 PM | Attr = ]
win64.exe -> %SystemRoot%\win64.exe -> [Ver = | Size = 23552 bytes | Modified Date = 5/28/2008 8:36:38 PM | Attr = ]
winajbm.dll -> %SystemRoot%\winajbm.dll -> [Ver = | Size = 11008 bytes | Modified Date = 5/28/2008 8:36:38 PM | Attr = ]
winmgnt.exe -> %SystemRoot%\winmgnt.exe -> [Ver = | Size = 19200 bytes | Modified Date = 5/28/2008 8:36:38 PM | Attr = ]
x.exe -> %SystemRoot%\x.exe -> [Ver = | Size = 30720 bytes | Modified Date = 5/28/2008 8:36:38 PM | Attr = ]
xplugin.dll -> %SystemRoot%\xplugin.dll -> [Ver = | Size = 10752 bytes | Modified Date = 5/28/2008 8:36:38 PM | Attr = ]
xxxvideo.hta -> %SystemRoot%\xxxvideo.hta -> [Ver = | Size = 10752 bytes | Modified Date = 5/28/2008 8:36:39 PM | Attr = ]
y.exe -> %SystemRoot%\y.exe -> [Ver = | Size = 16896 bytes | Modified Date = 5/28/2008 8:36:39 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/4/2008 11:31:35 AM | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 8/17/2006 9:28:15 AM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 5/24/2008 6:40:55 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5096 bytes | Modified Date = 5/24/2008 6:40:50 PM | Attr = ]
C:\Documents and Settings\ChadStewart\Local Settings\Temp\ -> C:\Documents and Settings\ChadStewart\Local Settings\Temp -> [Folder | Modified Date = 6/4/2008 11:36:47 AM | Attr = ]
Perflib_Perfdata_c24.dat -> C:\Documents and Settings\ChadStewart\Local Settings\Temp\Perflib_Perfdata_c24.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/4/2008 11:33:54 AM | Attr = ]
44 C:\Documents and Settings\ChadStewart\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\ChadStewart\Local Settings\Temp\*.tmp ->
C:\WINDOWS\Temp\4D95\ -> C:\WINDOWS\Temp\4D95 -> [Folder | Modified Date = 5/29/2008 11:05:31 PM | Attr = ]
CLEAN.DAT -> C:\WINDOWS\Temp\4D95\CLEAN.DAT -> [Ver = | Size = 1624874 bytes | Modified Date = 5/23/2008 5:20:00 AM | Attr = ]
NAMES.DAT -> C:\WINDOWS\Temp\4D95\NAMES.DAT -> [Ver = | Size = 866546 bytes | Modified Date = 5/23/2008 5:20:00 AM | Attr = ]
SCAN.DAT -> C:\WINDOWS\Temp\4D95\SCAN.DAT -> [Ver = | Size = 29722777 bytes | Modified Date = 5/23/2008 5:20:00 AM | Attr = ]
C:\WINDOWS\Temp\52A1\ -> C:\WINDOWS\Temp\52A1 -> [Folder | Modified Date = 6/2/2008 4:23:38 PM | Attr = ]
CLEAN.DAT -> C:\WINDOWS\Temp\52A1\CLEAN.DAT -> [Ver = | Size = 1654950 bytes | Modified Date = 5/30/2008 5:20:00 AM | Attr = ]
NAMES.DAT -> C:\WINDOWS\Temp\52A1\NAMES.DAT -> [Ver = | Size = 867340 bytes | Modified Date = 5/30/2008 5:20:00 AM | Attr = ]
SCAN.DAT -> C:\WINDOWS\Temp\52A1\SCAN.DAT -> [Ver = | Size = 29941618 bytes | Modified Date = 5/30/2008 5:20:00 AM | Attr = ]
C:\WINDOWS\Temp\62A4\ -> C:\WINDOWS\Temp\62A4 -> [Folder | Modified Date = 6/3/2008 3:02:29 PM | Attr = ]
CLEAN.DAT -> C:\WINDOWS\Temp\62A4\CLEAN.DAT -> [Ver = | Size = 1663866 bytes | Modified Date = 6/2/2008 5:20:00 AM | Attr = ]
NAMES.DAT -> C:\WINDOWS\Temp\62A4\NAMES.DAT -> [Ver = | Size = 867559 bytes | Modified Date = 6/2/2008 5:20:00 AM | Attr = ]
SCAN.DAT -> C:\WINDOWS\Temp\62A4\SCAN.DAT -> [Ver = | Size = 29965786 bytes | Modified Date = 6/2/2008 5:20:00 AM | Attr = ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
PC Tools -> %AllUsersProfile%\Application Data\PC Tools -> [Folder | Modified Date = 5/26/2008 7:47:51 PM | Attr = ]
TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 6/4/2008 11:32:55 AM | Attr = ]
@Alternate Data Stream - 190 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 5/27/2008 2:59:29 PM | Attr = ]
Free Download Manager -> %AppData%\Free Download Manager -> [Folder | Modified Date = 6/3/2008 2:48:37 PM | Attr = ]
Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 5/24/2008 6:38:53 PM | Attr = S]
PC Tools -> %AppData%\PC Tools -> [Folder | Modified Date = 5/26/2008 7:47:51 PM | Attr = ]
uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 6/3/2008 3:32:18 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 100864 bytes | Modified Date = 6/3/2008 4:40:27 PM | Attr = ]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 5368018 bytes | Modified Date = 6/3/2008 4:42:50 PM | Attr = H ]
?ystem -> %UserProfile%\My Documents\ѕystem -> [Folder | Modified Date = 8/11/2007 1:57:09 PM | Attr = ]
Spyware Doctor.lnk -> %AllUsersProfile%\Desktop\Spyware Doctor.lnk -> [Ver = | Size = 1637 bytes | Modified Date = 5/26/2008 7:48:06 PM | Attr = ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 5/27/2008 2:25:08 PM | Attr = ]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1955921 bytes | Modified Date = 5/27/2008 2:22:36 PM | Attr = ]
HijackThis.exe -> %UserProfile%\Desktop\HijackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 396288 bytes | Modified Date = 5/26/2008 7:12:06 PM | Attr = ]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1403 bytes | Modified Date = 5/26/2008 7:12:06 PM | Attr = ]
HJ.exe -> %UserProfile%\Desktop\HJ.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 5/26/2008 7:10:49 PM | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 6/4/2008 11:39:44 AM | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 545259 bytes | Modified Date = 5/29/2008 11:03:55 PM | Attr = ]
ProcessExplorer -> %UserProfile%\Desktop\ProcessExplorer -> [Folder | Modified Date = 6/2/2008 6:27:19 PM | Attr = ]
ProcessExplorer.zip -> %UserProfile%\Desktop\ProcessExplorer.zip -> [Ver = | Size = 1604124 bytes | Modified Date = 5/26/2008 7:15:06 PM | Attr = ]
scan.htm -> %UserProfile%\Desktop\scan.htm -> [Ver = | Size = 607047 bytes | Modified Date = 5/27/2008 12:09:29 PM | Attr = ]
sdasetup.exe -> %UserProfile%\Desktop\sdasetup.exe -> PC Tools [Ver = 5.5.1.322 | Size = 31403344 bytes | Modified Date = 5/26/2008 7:11:37 PM | Attr = ]
SDFix.exe -> %UserProfile%\Desktop\SDFix.exe -> [Ver = | Size = 1681135 bytes | Modified Date = 5/28/2008 7:55:53 PM | Attr = ]
PC Tools -> %CommonProgramFiles%\PC Tools -> [Folder | Modified Date = 5/26/2008 7:49:12 PM | Attr = ]
s?curity -> %CommonProgramFiles%\sеcurity -> [Folder | Modified Date = 6/30/2007 9:21:49 PM | Attr = ]

< End of report >
[/code]

Edited by djprofit, 05 June 2008 - 06:05 PM.
