Ok I followed your additional instructions and here are my logs:
ComboFix 08-01-15.1 - Owner 2008-01-15 17:44:57.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
FILE
C:\WINDOWS\BMab9e7ec6.xml
C:\WINDOWS\system32\kutuclrb.dll
C:\WINDOWS\system32\txklqcjt.ini
C:\WINDOWS\system32\xxlkyllp.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMab9e7ec6.xml
C:\WINDOWS\system32\kutuclrb.dll
C:\WINDOWS\system32\txklqcjt.ini
.
((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.
2008-01-14 15:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 12:35 . 2008-01-14 12:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-13 23:49 . 2008-01-13 23:49 <DIR> d-------- C:\Program Files\CCleaner
2008-01-13 23:32 . 2008-01-13 23:32 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-12 00:38 . 2007-10-10 17:55 6,065,664 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-12 00:38 . 2007-06-30 21:31 2,455,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-12 00:38 . 2007-06-30 21:36 991,232 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-12 00:38 . 2007-10-10 17:55 459,264 --a--c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-12 00:38 . 2007-10-10 17:55 383,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-12 00:38 . 2007-10-10 17:55 267,776 --a--c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-12 00:38 . 2007-10-10 17:55 63,488 --a--c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-12 00:38 . 2007-10-10 17:55 52,224 --a--c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-12 00:38 . 2007-10-10 04:59 13,824 --a--c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-12 00:28 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-12 00:18 . 2006-08-21 03:14 128,896 --a--c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-01-12 00:18 . 2006-08-21 03:14 23,040 --a--c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-01-12 00:18 . 2006-08-21 06:21 16,896 --a--c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-01-12 00:08 . 2007-07-09 07:16 582,656 --a--c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-11 18:57 . 2008-01-11 18:57 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-11 18:10 . 2004-08-04 00:56 11,776 --a------ C:\WINDOWS\system32\spnpinst.exe
2008-01-11 18:09 . 2006-03-16 18:33 262,784 --a------ C:\WINDOWS\system32\drivers\http.sys
2008-01-11 18:09 . 2002-04-15 21:11 67,866 --a------ C:\WINDOWS\system32\drivers\netwlan5.img
2008-01-11 18:09 . 2004-08-02 14:20 7,208 --a------ C:\WINDOWS\system32\secupd.sig
2008-01-11 18:09 . 2004-08-02 14:20 4,569 --a------ C:\WINDOWS\system32\secupd.dat
2008-01-11 14:04 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-11 13:03 . 2008-01-14 14:09 22 --a------ C:\WINDOWS\pskt.ini
2007-12-27 23:00 . 2007-12-27 23:00 <DIR> d-------- C:\Program Files\Panicware
2007-12-25 09:48 . 2008-01-13 22:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\BitZipper
2007-12-25 09:47 . 2008-01-14 00:35 <DIR> d-------- C:\Program Files\BitZipper
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 17:24 --------- d-----w C:\Program Files\McAfee
2008-01-14 07:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-14 06:32 --------- d-----w C:\Program Files\MyWay
2008-01-12 06:09 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-11 20:04 --------- d-----w C:\Program Files\Java
2008-01-11 16:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-11 16:56 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-11 04:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-10 22:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-10 18:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\WeatherBug
2007-12-20 05:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-20 04:55 3,688 ----a-w C:\Documents and Settings\Owner\recentused.dat
2007-12-15 05:12 --------- d-----w C:\Program Files\Lavasoft
2007-12-15 05:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-12-15 05:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-14 20:23 --------- d-----w C:\Program Files\Winamp
2007-12-14 13:23 --------- d-----w C:\Program Files\Coupons
2007-12-14 13:16 --------- d-----w C:\Program Files\NoteCable
2007-12-14 13:16 --------- d-----w C:\Program Files\MP3 Wav Editor
2007-12-14 01:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\Tunebite
2007-12-14 00:28 --------- d-----w C:\Program Files\Lx_cats
2007-12-11 23:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-11 23:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\NoteCable
2007-12-11 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution
2007-12-11 16:03 --------- d-----w C:\Program Files\RapidSolution
2007-12-06 21:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\Move Networks
2007-12-06 21:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\Keyhole
2007-12-06 21:24 --------- d-----w C:\Documents and Settings\Owner\Application Data\ImgBurn
2007-12-06 21:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\FaxCtr
2007-12-06 20:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-12-06 20:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\FaxCtr
2007-11-16 15:30 26,912 ----a-w C:\WINDOWS\system32\drivers\tbhsd.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2005-10-07 00:30 9,516,504 ----a-w C:\Documents and Settings\Owner\DesktopDoctor1.0.exe
2002-09-11 14:26 63,730 -c--a-w C:\Program Files\viewsonicinstruct_xp.pdf
.
((((((((((((((((((((((((((((( snapshot@2008-01-15_16.46.08.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-14 21:43:34 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000001\NTUSER.DAT
+ 2008-01-15 23:44:13 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000001\NTUSER.DAT
- 2008-01-14 21:43:34 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000002\UsrClass.dat
+ 2008-01-15 23:44:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000002\UsrClass.dat
- 2008-01-14 21:43:34 8,581,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000003\ntuser.dat
+ 2008-01-15 23:44:13 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000003\NTUSER.DAT
- 2008-01-14 21:43:34 249,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000004\UsrClass.dat
+ 2008-01-15 23:44:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000004\UsrClass.dat
- 2008-01-14 21:43:34 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000005\NTUSER.DAT
+ 2008-01-15 23:44:14 8,581,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000005\ntuser.dat
- 2008-01-14 21:43:34 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000006\UsrClass.dat
+ 2008-01-15 23:44:14 249,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\
00000006\UsrClass.dat
- 2008-01-14 20:06:59 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-15 22:32:55 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-14 20:06:59 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-01-15 22:32:55 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-01-14 20:06:59 229,376 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-15 22:32:55 229,376 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2004-07-30 14:57 1593344]
"NVIEW"="nview.dll" [2003-03-03 12:44 831557 C:\WINDOWS\system32\nview.dll]
"Aim6"="" []
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 11:10 536576]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2004-09-22 04:43 188416]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-09-22 10:18 299008]
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-09-17 07:24 61440]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-03-30 17:38 98304]
"AOL Messenger Optimized"="AOLOpt.exe" []
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-07-12 14:13 8192]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-03-03 12:44 4595712]
"nwiz"="nwiz.exe" [2003-03-03 12:44 323584 C:\WINDOWS\system32\nwiz.exe]
"\\SCOTT\EPSON Stylus Photo R320 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.exe" [2004-04-26 04:00 98304]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-09-10 05:55 69632]
"Auto EPSONsty on JEFFREY-NTBK"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.exe" [2004-04-26 04:00 98304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"BMab9e7ec6"="C:\WINDOWS\system32\xxlkyllp.dll" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"AOL Messenger Optimized"="AOLOpt.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-07-29 22:24:47]
Instant Wireless Configuration Utility.lnk - C:\Program Files\Linksys\Wireless Network PC Card\WPC11CFG.exe [2005-06-16 12:17:05]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfdbxx]
khfdbxx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Instant Wireless Configuration Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Instant Wireless Configuration Utility.lnk
backup=C:\WINDOWS\pss\Instant Wireless Configuration Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\PROGRA~1\AIM\aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 12:47 57344 C:\WINDOWS\ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
--a------ 2002-06-22 08:27 69632 c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 01:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-03-03 12:44 4595712 C:\WINDOWS\System32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-03-03 12:44 323584 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-13 22:42 212992 C:\WINDOWS\SMINST\RECGUARD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-17 18:42 69632 c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TeddyWareZ' MagicKillah]
C:\Program Files\TwZ\MagicKillah\MagicKillah.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-10-23 12:30 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
--a------ 2004-07-30 14:57 1593344 C:\Program Files\AWS\WeatherBug\Weather.exe
R3 WUSB11;Instant Wireless USB Network Adapter ver.2.5 Driver;C:\WINDOWS\system32\DRIVERS\LSWLUSB.sys [2002-05-28 16:28]
S3 CoachUsb;DIGITREX Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2002-10-16 17:21]
S3 notecable;NoteCable Driver (WDM);C:\WINDOWS\system32\drivers\notcable.sys []
S3 PCDRDRV;Pcdr Helper Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys []
S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys [2007-11-16 09:30]
.
Contents of the 'Scheduled Tasks' folder
"2007-12-15 07:12:32 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-01 07:00:11 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-01-15 22:31:15 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-01-15 17:58:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
AOL Messenger Optimized = AOLOpt.exe?
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\\\SCOTT\\EPSON Stylus Photo R320 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9FA.EXE /P38 \"\\\\SCOTT\\EPSON Stylus Photo R320 Series\" /O6 \"USB001\" /M \"Stylus Photo R320\""
.
Completion time: 2008-01-15 18:07:54
ComboFix-quarantined-files.txt 2008-01-16 00:06:59
ComboFix2.txt 2008-01-15 22:47:13
.
2008-01-14 01:41:52 --- E O F ---
WinPFind35 logfile created on: 1/15/2008 7:32:08 PM
WinPFind35U Version Beta22 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
447.36 Mb Total Physical Memory | 77.55 Mb Available Physical Memory | 17.34% Memory free
1.03 Gb Paging File | 0.70 Gb Available in Paging File | 67.82% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.34 Gb Total Space | 39.82 Gb Free Space | 37.10% Space Free | Partition Type: NTFS
Drive D: | 4.43 Gb Total Space | 0.67 Gb Free Space | 15.23% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Computer Name: KLJEFFR
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/11/2008 10:54:36 AM | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 7.1 | Size = 300544 bytes | Modified Date = 3/8/2002 2:33:10 AM | Attr = ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 7.1 | Size = 169984 bytes | Modified Date = 3/8/2002 2:30:24 AM | Attr = ]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 8/4/2007 1:08:06 AM | Attr = ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 7/22/2007 6:15:18 PM | Attr = ]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 10:36:04 AM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 10:02:14 AM | Attr = ]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 1:54:42 PM | Attr = ]
nicserv.exe -> %ProgramFiles%\Linksys\Wireless Network PC Card\NICServ.exe -> [Ver = | Size = 441344 bytes | Modified Date = 5/8/2003 3:05:24 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4303 | Size = 65536 bytes | Modified Date = 3/3/2003 12:44:00 PM | Attr = ]
lxbumon.exe -> %ProgramFiles%\Lexmark 6200 Series\lxbumon.exE -> Lexmark International, Inc. [Ver = 1.198.0.0 | Size = 188416 bytes | Modified Date = 9/22/2004 4:43:12 AM | Attr = ]
ezprint.exe -> %ProgramFiles%\Lexmark 6200 Series\ezprint.exe -> [Ver = | Size = 61440 bytes | Modified Date = 9/17/2004 7:24:00 AM | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 8/3/2007 8:33:14 PM | Attr = ]
e_fati9fa.exe -> %System32%\spool\drivers\w32x86\3\E_FATI9FA.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 98304 bytes | Modified Date = 4/26/2004 4:00:00 AM | Attr = ]
mmdiag.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe -> Musicmatch, Inc. [Ver = 10.10.0093 | Size = 102400 bytes | Modified Date = 7/12/2005 2:13:44 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr = ]
weather.exe -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 6, 4, 0, 5 | Size = 1593344 bytes | Modified Date = 7/30/2004 2:57:18 PM | Attr = ]
psfree.exe -> %ProgramFiles%\Panicware\Pop-Up Stopper Free Edition\PSFree.exe -> Panicware, Inc. [Ver = 3, 1, 0, 1014 | Size = 536576 bytes | Modified Date = 3/17/2005 11:10:32 AM | Attr = ]
mim.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mim.exe -> Musicmatch, Inc. [Ver = 10.10.0093 | Size = 464384 bytes | Modified Date = 7/12/2005 2:13:42 PM | Attr = ]
lxbucoms.exe -> %System32%\lxbucoms.exe -> Lexmark International, Inc. [Ver = 1.101.39.0 | Size = 450560 bytes | Modified Date = 9/23/2004 11:58:02 AM | Attr = ]
pdesrv2.exe -> %System32%\PdeSrv2.exe -> Creative Technology Ltd [Ver = 1.0.10.0 | Size = 192512 bytes | Modified Date = 9/29/2004 9:21:26 AM | Attr = ]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 7/24/2007 11:41:52 PM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 11/28/2007 1:11:50 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 294400 bytes | Modified Date = 1/6/2008 1:17:10 PM | Attr = ]
[Win32 Services - Non-Microsoft Only]
(0279751200308754mcinstcleanup) McAfee Application Installer Cleanup (0279751200308754) [Win32_Own | Auto | Stopped] -> %SystemRoot%\TEMP\027975~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -> File not found
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/11/2008 10:54:36 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 1:56:48 AM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 7.1 | Size = 300544 bytes | Modified Date = 3/8/2002 2:33:10 AM | Attr = ]
(lxbu_device) lxbu_device [Win32_Own | On_Demand | Running] -> %System32%\lxbucoms.exe -> Lexmark International, Inc. [Ver = 1.101.39.0 | Size = 450560 bytes | Modified Date = 9/23/2004 11:58:02 AM | Attr = ]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 8/4/2007 1:08:06 AM | Attr = ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 7/22/2007 6:15:18 PM | Attr = ]
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 7/25/2007 12:16:16 AM | Attr = ]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 10:36:04 AM | Attr = ]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 7/24/2007 11:41:52 PM | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 1:54:42 PM | Attr = ]
(NICSer_WPC11) NICSer_WPC11 [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys\Wireless Network PC Card\NICServ.exe -> [Ver = | Size = 441344 bytes | Modified Date = 5/8/2003 3:05:24 PM | Attr = ]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4303 | Size = 65536 bytes | Modified Date = 3/3/2003 12:44:00 PM | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
\\SCOTT\EPSON Stylus Photo R320 Series -> %System32%\spool\drivers\w32x86\3\E_FATI9FA.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 98304 bytes | Modified Date = 4/26/2004 4:00:00 AM | Attr = ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 7:51:56 PM | Attr = ]
AOL Messenger Optimized -> AOLOpt.exe -> File not found
Auto EPSONsty on JEFFREY-NTBK -> %System32%\spool\drivers\w32x86\3\E_FATI9FA.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 98304 bytes | Modified Date = 4/26/2004 4:00:00 AM | Attr = ]
BMab9e7ec6 -> %System32%\xxlkyllp.DLL -> File not found
EzPrint -> %ProgramFiles%\Lexmark 6200 Series\ezprint.exe -> [Ver = | Size = 61440 bytes | Modified Date = 9/17/2004 7:24:00 AM | Attr = ]
FaxCenterServer -> %ProgramFiles%\Lexmark Fax Solutions\fm3032.exe -> [Ver = | Size = 299008 bytes | Modified Date = 9/22/2004 10:18:00 AM | Attr = ]
LXBUCATS -> %System32%\spool\drivers\w32x86\3\lxbutime.dll -> [Ver = 0.1.11.5 | Size = 69632 bytes | Modified Date = 9/10/2004 5:55:10 AM | Attr = ]
lxbumon.exe -> %ProgramFiles%\Lexmark 6200 Series\lxbumon.exE -> Lexmark International, Inc. [Ver = 1.198.0.0 | Size = 188416 bytes | Modified Date = 9/22/2004 4:43:12 AM | Attr = ]
MimBoot -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe -> Musicmatch, Inc. [Ver = 10.10.0093 | Size = 8192 bytes | Modified Date = 7/12/2005 2:13:44 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.01.4303 | Size = 4595712 bytes | Modified Date = 3/3/2003 12:44:00 PM | Attr = ]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.01.4303 | Size = 323584 bytes | Modified Date = 3/3/2003 12:44:00 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 3/30/2004 5:38:50 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr = ]
< RunServices [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices ->
AOL Messenger Optimized -> AOLOpt.exe -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aim6 -> -> File not found
NVIEW -> %System32%\nview.dll -> NVIDIA Corporation [Ver = 6.14.01.4303 | Size = 831557 bytes | Modified Date = 3/3/2003 12:44:00 PM | Attr = ]
PopUpStopperFreeEdition -> %ProgramFiles%\Panicware\Pop-Up Stopper Free Edition\PSFree.exe -> Panicware, Inc. [Ver = 3, 1, 0, 1014 | Size = 536576 bytes | Modified Date = 3/17/2005 11:10:32 AM | Attr = ]
Weather -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 6, 4, 0, 5 | Size = 1593344 bytes | Modified Date = 7/30/2004 2:57:18 PM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Gamma Loader.exe.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 2:06:48 PM | Attr = ]
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 4/9/2003 11:19:23 PM | Attr = HS]
%AllUsersStartup%\Instant Wireless Configuration Utility.lnk -> %ProgramFiles%\Linksys\Wireless Network PC Card\WPC11CFG.exe -> The Linksys Group, Inc. [Ver = 1.0.5.103 | Size = 4505088 bytes | Modified Date = 5/9/2003 8:00:30 PM | Attr = ]
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 4/9/2003 11:19:23 PM | Attr = HS]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,2082 | Size = 315392 bytes | Modified Date = 3/11/2003 6:11:06 PM | Attr = ]
khfdbxx -> khfdbxx.dll -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\_NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (736 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Start Page ->
http://www.msn.com/ ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch ->
http://ie.search.msn...st/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant ->
http://ie.search.msn...st/srchasst.htm ->
HKEY_LOCAL_MACHINE\: SearchURL\\ -> [Reg Error: Value provider does not exist or could not be read.] ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page ->
http://www.microsoft...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page ->
http://www.google.com/ig?hl=en ->
HKEY_CURRENT_USER\: Search\\SearchAssistant ->
http://ie.search.msn...st/srchasst.htm ->
HKEY_CURRENT_USER\: SearchURL\\ -> [Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
online_musicmatch.com [https] -> Trusted sites ->
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3264 domain(s) found. ->
26 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{1BAC9A2A-4755-43c3-A430-D3512C5B8A4E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{8F4902B6-6C04-4ade-8052-AA58578A21BD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> File not found
{669B269B-0D4E-41FB-A3D8-FD67CA94F646}:Exec -> [ComcastHSI] -> File not found
{8828075D-D097-4055-AA02-2DBFA9D85E8A}:Exec -> [Support] -> File not found
{97809617-3937-4F84-B335-9BB05EF1A8D4}:Exec -> [Help] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Spybot - Search & Destroy Configuration] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ClsidExtension [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{000007C6-17DF-4438-92A4-DE5537471BA3} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{120E090D-9136-4b78-8258-F0B44B4BD2AC} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{1A00C40B-DA85-4aa3-A67F-582D9347EECD} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{669B269B-0D4E-41FB-A3D8-FD67CA94F646} [HKEY_LOCAL_MACHINE] -> [ComcastHSI] -> File not found
CmdMapping\\{8828075D-D097-4055-AA02-2DBFA9D85E8A} [HKEY_LOCAL_MACHINE] -> [Support] -> File not found
CmdMapping\\{91663649-416A-42A5-8E54-B63C1ECA0548} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{97809617-3937-4F84-B335-9BB05EF1A8D4} [HKEY_LOCAL_MACHINE] -> [Help] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage ->
http://activex.micro...d...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3060F0F5-24BB-4355-A894-328E6324F2C7} -> (NVIDIA nForce MCP Networking Adapter) ->
{BC45658E-AA44-4923-B92B-91F11D87BDE7} -> () ->
{C1BF39F1-B494-4245-99C5-A5A11973AF29} -> 74.128.1.32,74.128.1.34 (Instant Wireless USB Network Adapter ver.2.5) ->
{DF03DE9C-494C-4820-A172-7E5E95B894EA} -> (1394 Net Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] ->
http://go.microsoft....k/?linkid=39204[Windows Genuine Advantage Validation Tool] ->
{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}[HKEY_LOCAL_MACHINE] ->
http://wdownload.wea...Transporter.cab?[MiniBugTransporterX Class] ->
{41F17733-B041-4099-A042-B518BB6A408C}[HKEY_LOCAL_MACHINE] ->
http://a1408.g.akama...iTunesSetup.exe[Reg Error: Key does not exist or could not be opened.] ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] ->
http://download.mcaf...83/mcinsctl.cab[Reg Error: Key does not exist or could not be opened.] ->
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] ->
http://upload.facebo...otoUploader.cab[Facebook Photo Uploader Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] ->
http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] ->
http://fpdownload.ma...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}[HKEY_LOCAL_MACHINE] ->
http://download.mcaf...,20/mcgdmgr.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] ->
http://java.sun.com/...indows-i586.cab[Java Plug-in 1.4.2_04] ->
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] ->
http://java.sun.com/...indows-i586.cab[Java Plug-in 1.5.0_04] ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] ->
http://java.sun.com/...indows-i586.cab[Java Plug-in 1.5.0_06] ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] ->
http://java.sun.com/...indows-i586.cab[Java Plug-in 1.5.0_10] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] ->
http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] ->
http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] ->
http://fpdownload.ma...ash/swflash.cab[Shockwave Flash Object] ->
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 1:56:43 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 11:49:30 AM | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 1:56:43 AM | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 8:21:15 AM | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 10:37:50 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 552 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\