Virus stopping applications

It started out as IE not opening. Also, when Windows loads up it flashes the "preparing to install" window. It will do this sporadically when opening certain applications. I've tried system restore and running Spybot (v1.1); both do not fix it. I'm hoping someone out there could lend me a hand. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:09 PM, on 7/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\DfrgNtfs.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Raymond's Work Folder\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Media Player\wmplayer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [HLinit] c:\progra~1\useles~1\matrix~1.exe\hlsetup3.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AIM] D:\Raymond's Work Folder\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SearchAndDestroyT] C:\Program Files\Search And Destroy\SearchAndDestroy.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-2761788324-3456322275-89366730-1004\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 (User '?')
O4 - HKUS\S-1-5-21-2761788324-3456322275-89366730-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2761788324-3456322275-89366730-1004\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-2761788324-3456322275-89366730-1004\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-2761788324-3456322275-89366730-1004\..\Run: [AIM] D:\Raymond's Work Folder\AIM\aim.exe -cnetwait.odl (User '?')
O4 - HKUS\S-1-5-21-2761788324-3456322275-89366730-1004\..\Run: [SearchAndDestroyT] C:\Program Files\Search And Destroy\SearchAndDestroy.exe (User '?')
O4 - HKUS\S-1-5-21-2761788324-3456322275-89366730-1004\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-2761788324-3456322275-89366730-1018\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User '?')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - ?p=ZK
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Raymond's Work Folder\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114557037093
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138772417218
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - https://remote.diamondtouchpos.com/Remote/msrdp.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5030/mcfscan.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14410 bytes

Comments

  • edited July 2008
    Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.

    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. If you don't know, stop and ask! Don't keep going on.
    2. Please reply to this thread. Do not start a new topic.
    3. Please continue to respond until I give you the "All Clear".
    (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those three things, everything should go smoothly :D

    Please note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe.




    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


    Installed Programs

    Please could you give me a list of the programs that are installed.
    • Start HijackThis
    • Click on the Misc Tools button
    • Click on the Open Uninstall Manager button.

    You will see a list with the programs installed in your computer.
    Click on the save list button and specify where you would like to save this file.
    When you press the Save button, a notepad will open with the contents of that file.
    Simply copy and paste the contents of that notepad into your next post.
  • edited July 2008
    Thank you so much for your help and the quickness to do so. Here is what you asked for starting with the malware:
    Malwarebytes' Anti-Malware 1.19
    Database version: 927
    Windows 5.1.2600 Service Pack 2

    4:49:56 PM 7/6/2008
    mbam-log-7-6-2008 (16-49-56).txt

    Scan type: Full Scan (C:\|D:\|E:\|H:\|)
    Objects scanned: 301676
    Time elapsed: 2 hour(s), 3 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 12
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 45

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchAndDestroyT (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\Search And Destroy (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\All Users\Application Data\SecTaskMan\MWSBAR.DLL.q_1397D059_q (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SecTaskMan\MWSSRCAS.DLL.q_1EFAE000_q (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP935\A0199465.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199466.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199468.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199469.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199470.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199471.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199472.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199473.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199474.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199475.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199476.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199477.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199478.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199479.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199480.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199481.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199482.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199483.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199484.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199485.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199486.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199488.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199489.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199490.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199491.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199493.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199494.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199495.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199496.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199497.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199498.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199499.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A341F156-6844-4F94-9771-52DC709B8B9E}\RP936\A0199500.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    E:\Backup of Local Disk (C)\Program Files\SBC Self Support Tool\bin\UpdateSC.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    E:\Backup of Local Disk (C)\WINDOWS\Temp\DeleteAll.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Search And Destroy\engine.dat (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.
    C:\Program Files\Search And Destroy\Search And Destroy Setup Log.txt (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.
    C:\Program Files\Search And Destroy\SearchAndDestroy.exe (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.
    C:\Program Files\Search And Destroy\SSEngine.dll (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Robert Schutz\Desktop\Search And Destroy.lnk (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.
    C:\WINDOWS\explorer.reg (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


    And here is the HijackThis log of my programs:

    1Click DVD Copy 4.2.1.5
    1Click DVD Copy 5.4.3.8
    4.4.36 Upgrade Install
    AcademicOnline Interactive Mathematics
    Adobe Download Manager 2.2 (Remove Only)
    Adobe Flash Player Plugin
    Adobe Photoshop 7.0
    Adobe Reader 7.1.0
    Adobe® Photoshop® Album Starter Edition 3.0
    AIM 6
    AIM Toolbar 5.0
    AOL Instant Messenger
    AOL Toolbar 2.0
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.2.6
    Avery DesignPro
    AviSynth 2.5
    Azureus Vuze
    Bonjour
    Bridge Baron 18
    Bridge Baron Teacher: Learn and Practice Bidding Conventions DEMO Version
    CCHelp
    CCScore
    CopyToDVD
    DiamondTouch
    DivX Web Player
    Elasto Mania
    eMedia Piano and Keyboard Method
    ESSAdpt
    ESSANUP
    ESSCAM
    ESSCDBK
    ESScore
    ESSgui
    ESShelp
    ESSini
    ESSPCD
    ESSSONIC
    ESSvpaht
    ESSvpot
    Free Allegiance
    Full Tilt Poker
    Garmin c320 City Navigator North America NT v8
    Google Desktop
    Google Earth
    Google Toolbar for Internet Explorer
    Google Updater
    GTK+ Runtime 2.12.1 rev b (remove only)
    HijackThis 2.0.2
    HLPIndex
    HLPRFO
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    HP Customer Participation Program 7.0
    HP Imaging Device Functions 7.0
    HP Photosmart Essential
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Software Update
    HP Solution Center 7.0
    Instant Wireless USB Network Adapter ver.2.5 Configuration Utility
    Intel(R) PRO Network Adapters and Drivers
    InterActual Player
    iPod for Windows 2005-10-12
    IrfanView (remove only)
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 2
    Java(TM) SE Runtime Environment 6 Update 1
    Kodak EasyShare software
    KSU
    Learn To Play Bridge
    Learn to Play Bridge 2
    LiveReg (Symantec Corporation)
    LiveUpdate 3.0 (Symantec Corporation)
    LogMeIn
    LogMeIn
    LucasArts' Shadows of the Empire (full game)
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    Maxtor OneTouch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft AntiSpyware
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Professional 2007 Trial
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher 2007
    Microsoft Office Publisher 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard Edition 2003
    Microsoft Office Word MUI (English) 2007
    Microsoft Picture It! Express 7.0
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Windows Journal Viewer
    Monopoly Star Wars
    Mozilla Firefox (2.0.0.15)
    MSN Music Assistant
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    Notifier
    NVIDIA Windows 2000/XP Display Drivers
    OCR Software by I.R.I.S 7.0
    OTtBP
    OTtBPSDK
    PCDADDIN
    PCDHELP
    PCDLNCH
    Pocket RAR documentation
    Pocket Tanks 1.00b
    PowerDVD
    QuickTime
    Rapala Pro Fishing
    RealPlayer
    Retrospect Express HD 1.0
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Excel 2007 (KB946974)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB951808)
    Security Update for Microsoft Office system 2007 (KB951808)
    Security Update for Microsoft Office Word 2007 (KB950113)
    Security Update for Office 2007 (KB934062)
    Security Update for Office 2007 (KB934062)
    Security Update for Office 2007 (KB947801)
    Security Update for Outlook 2007 (KB946983)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for the 2007 Microsoft Office System (KB936960)
    Security Update for the 2007 Microsoft Office System (KB936960)
    Security Update for Visio 2007 (KB947590)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    SFR
    SFR2
    Skype™ 3.8
    SONIC ADVENTURE DX-Director's Cut Demo A Version
    SoundMAX
    Spybot - Search & Destroy
    Super DX-Ball v1.00
    Symantec AntiVirus
    Symantec pcAnywhere
    TestOut Products
    TUROK: DINOSAUR HUNTER
    U3Launcher
    Update for Office 2007 (KB932080)
    Update for Office 2007 (KB932080)
    Update for Office 2007 (KB946691)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb950378)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Ventrilo Client
    Videora iPod Converter 0.90
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    VPRINTOL
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    Winkflash Transporter
    WinRAR archiver
    WinZip
    Xtreme Desktop
    Yahoo! Anti-Spy
    Yahoo! Browser Services
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar
  • edited July 2008
    IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    Azureus Vuze

    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Also available here.

    My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
    Please note: you must NOT use this whilst we are cleaning your machine.


    Disable Teatimer
    First step:
    • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
    • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
    • If you have Version 1.4, Click on Exit Spybot S&D Resident
    Second step, For Either Version :
    • Open Spybot S&D
    • Click Mode, choose Advanced Mode
    • Go To the bottom of the Vertical Panel on the Left, Click Tools
    • Then, also in the left panel, click Resident (shows a red/white shield).
    • If your firewall raises a question, say OK
    • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
    • OK any prompts.
    • Use File, Exit to terminate Spybot
    • Reboot your machine for the changes to take effect.




    Your Java and Adobe are out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please follow these steps to remove older version Java and Adobe components and update.

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u6 from http://java.sun.com/javase/downloads/index.jsp
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.


    Update Adobe Acrobat Reader
    • Please go to this link Adobe Acrobat Reader Download Link
    • Click Download
    • On the right Untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts


    Now close all windows, including your browser.
    Double click on the Java installation that you downloaded and follow the prompts.

    Remove Programs
    Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there,
    click on the program to highlight it, and click on remove.
    Now close the Control Panel.

    Reboot your machine.


    Kaspersky Online Scanner
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    NOTE: This scan is best done from IE (Internet Explorer)

    Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    Read the Requirements and limitations before you click Accept.
    Allow the ActiveX download if necessary
    Once the database has downloaded, click Next.
    Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    Click on "My Computer" and then put the kettle on!
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    • Kaspersky Log
    • A fresh HJT log
    • How are things running now ?
  • edited July 2008
    This is something small, but I figured I would ask just to make sure. The Java website doesn't have the "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". It only has the "The Java SE Runtime Environment (JRE) allows end-users to run Java applications" (no 2). Is this sufficient? I tried to uninstall Full Tilt through Add/Remove Programs, but it sat there with the hourglass for 10 minutes with the uninstall window, "Full Tilt poker setup is preparing the installshield wizard, which will guide you through the rest of the setup process. please wait." How can I remove it? Also, what about that Java update? Thanks again for your patience and help, Katana.
  • edited July 2008
    Java Runtime Environment (JRE) 6 Update 6


    is the correct one :)



    Find Uninstall Command
    • Open Hijack This
    • Click on the Misc Tools button
    • Click on the Open Uninstall Manager button.
    • Highlight Full Tilt poker
    • Copy the contents of the box marked Uninstall Command
    • Paste the contents in your reply
  • edited July 2008
    RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -l0x9 -removeonly

    Also, I'm unable to run the Java update. It says "The windows installer service could not be accessed. This can occur if you are running windows in safe mode, or if windows installer is not correctly installed. Contact your support personnel for assistance." Your instructions say do not skip it if I'm unable to complete a task you asked. In safe mode it gives me this message, "the system administrator has set policies to prevent this installation". Should I just skip this Java update?
  • edited July 2008
    Please ignore previous instructions, and do the following ...



    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper



    Kaspersky Online Scanner
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    NOTE: This scan is best done from IE (Internet Explorer)

    Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    Read the Requirements and limitations before you click Accept.
    Allow the ActiveX download if necessary
    Once the database has downloaded, click Next.
    Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    Click on "My Computer" and then put the kettle on!
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • edited July 2008
    I won't hold it against you if we stop here. I was running ComboFix, left it running, it was at the 47th stage, and my power went out. I turned on my computer, and it can't find the network connections. I cannot access System Restore in regular mode or in safe mode (possibly because of the virus). I go to Help and Support, and when I click on System Restore, the window pops up but it's a blank window and doesn't load the System Restore calendar. ComboFix said that it made a registry backup. I'm curious if I can pull this backup and put it on top of my "damaged" one. I was hoping I could avoid reinstalling Windows, but at this point, it looks like that's my only option. I'll wait for your reply...
  • edited July 2008
    rayshoots wrote:
    1) I won't hold it against you if we stop here

    2) Combofix said that it made a registry backup. I'm curious if I can pull this backup and put on top of my "damaged" one.

    3) I was hoping I could avoid reinstalling windows, but at this point, it looks like that's my only option. I'll wait for your reply...

    1) You may not, but I would :)

    3) Nope, there are other options left yet.

    2) Put your curiosity out of its misery, it is exactly this sort of situation that the backup is created for :tongue:

    Please navigate to
    Windows\ERDNT\hiv-backup\erdnt.exe

    Double click on erdnt.exe

    When it has finished, reboot
    Let's see if that sorts the problem before we go any further
  • edited July 2008
    Ok. Thank you so much for your persistence. Well, the LAN connection doesn't show up in Network Connections, but I still have internet. Logically, I assumed my network would be down, but it still works. I found this out before running the erdnt.exe. I ran it, and here we are now.
    I still do not have any network connections (but still have internet), and my time is still on military time (no biggie, but just another thing the backup didn't change). What do you suggest now?
  • edited July 2008
    Run ComboFix using these instructions:

    Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

    "%userprofile%\desktop\combofix.exe" /killall

    When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • edited July 2008
    Here you go:

    ComboFix 08-07-07.3 - Robert Schutz 2008-07-10 6:57:20.1 - NTFSx86

    Running from: C:\Documents and Settings\Robert Schutz\desktop\combofix.exe
    Command switches used :: /killall
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\robert\Application Data\inst.exe
    C:\WINDOWS\system32\MSVolume.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
    .

    2008-07-09 23:18 . 2008-07-09 08:51 <DIR> d-------- C:\Magical JellyBean
    2008-07-09 23:16 . 2008-07-09 23:16 347,650 --a------ C:\Magical JellyBean.zip
    2008-07-06 14:40 . 2008-07-06 14:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-06 14:40 . 2008-07-06 14:40 <DIR> d-------- C:\Documents and Settings\Robert Schutz\Application Data\Malwarebytes
    2008-07-06 14:40 . 2008-07-06 14:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-06 14:40 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-07-06 14:40 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-04 01:16 . 2008-07-04 01:16 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-30 21:58 . 2008-06-30 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
    2008-06-21 19:02 . 2008-06-21 19:03 270 --a------ C:\WINDOWS\wininit.ini
    2008-06-21 17:57 . 2008-06-21 17:57 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-21 17:57 . 2008-06-22 07:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-21 17:08 . 2008-06-21 17:08 <DIR> d-------- C:\Program Files\Security Task Manager
    2008-06-21 17:08 . 2008-06-21 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    2008-06-20 20:43 . 2008-07-04 22:44 <DIR> d-------- C:\Documents and Settings\Robert Schutz\Application Data\Uniblue
    2008-06-20 07:26 . 2008-06-20 07:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
    2008-06-10 23:17 . 2008-06-10 23:17 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-06-10 20:40 . 2008-04-14 06:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-10 12:11 --------- d-----w C:\Documents and Settings\Robert Schutz\Application Data\AdobeUM
    2008-07-10 12:10 --------- d-----w C:\Program Files\Microsoft AntiSpyware
    2008-07-10 12:07 --------- d-----w C:\Program Files\LogMeIn
    2008-07-10 04:14 --------- d-----w C:\Program Files\Ahorita
    2008-07-10 04:08 --------- d-----w C:\Documents and Settings\Robert Schutz\Application Data\Skype
    2008-07-10 04:07 --------- d-----w C:\Program Files\Google
    2008-07-10 04:03 --------- d-----w C:\Program Files\Yahoo!
    2008-07-10 04:02 --------- d--h--r C:\Documents and Settings\Robert Schutz\Application Data\yahoo!
    2008-07-10 04:02 --------- d-----w C:\Program Files\Common Files\Scanner
    2008-07-10 04:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
    2008-07-10 04:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
    2008-07-10 03:55 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-07-10 03:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-07-10 03:11 --------- d-----w C:\Documents and Settings\Robert Schutz\Application Data\skypePM
    2008-07-01 02:59 --------- d-----w C:\Program Files\AIM6
    2008-07-01 02:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-07-01 02:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2008-06-22 16:11 --------- d-----w C:\Documents and Settings\Robert Schutz\Application Data\1ClickDVDCopy
    2008-06-21 00:57 --------- d-----w C:\Program Files\Snood
    2008-06-20 07:05 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-06-17 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-06-15 01:41 --------- d-----w C:\Program Files\DOSBox-0.72
    2008-06-10 03:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-06-05 00:00 --------- d-----w C:\Program Files\iTunes
    2008-06-05 00:00 --------- d-----w C:\Program Files\iPod
    2008-06-04 23:58 --------- d-----w C:\Program Files\QuickTime
    2008-06-04 23:58 --------- d-----w C:\Program Files\Bonjour
    2008-06-04 23:55 --------- d-----w C:\Program Files\Common Files\Apple
    2008-05-30 00:29 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-27 12:09 --------- d-----w C:\Documents and Settings\Robert Schutz\Application Data\HP
    2008-05-23 02:22 --------- d-----w C:\Documents and Settings\Robert Schutz\Application Data\Azureus
    2008-05-22 03:49 --------- d-----w C:\Program Files\Azureus
    2008-05-20 04:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
    2008-05-18 02:52 --------- d-----w C:\Program Files\Skype
    2008-05-18 02:52 --------- d-----w C:\Program Files\Common Files\Skype
    2008-05-18 02:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2008-03-15 11:04 47,360 ----a-w C:\Documents and Settings\robert\Application Data\pcouffin.sys
    2007-07-03 22:04 1,104 ----a-w C:\Program Files\Mary Beth.soe
    2008-02-28 19:30 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
    2008-02-28 19:33 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 11:57 68856]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-30 17:17 22058792]
    "AIM"="D:\Raymond's Work Folder\AIM\aim.exe" [2005-06-02 02:34 67160]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-03-21 00:05 774144]
    "gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2004-12-31 13:14 469824]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-04-02 21:40 4616192]
    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 16:21 28672]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-10 23:39 180269]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 17:44 66680]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 16:18 124128]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
    "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 10:20 63048]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-04 00:56 380416 C:\WINDOWS\system32\irprops.cpl]
    "nwiz"="nwiz.exe" [2003-04-02 21:40 323584 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-04-02 21:40 49152]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
    2003-10-31 11:01 8704 C:\WINDOWS\system32\PCANotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2005-06-07 00:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    --a------ 2005-06-02 02:34 67160 D:\Raymond's Work Folder\AIM\aim.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    --a------ 2008-06-19 12:51 50528 C:\Program Files\AIM6\aim6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
    --a------ 2008-03-01 15:49 826880 C:\Program Files\dvd43\DVD43_Tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
    --a------ 2004-08-31 09:23 823296 C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
    --a------ 2004-07-30 15:47 6946816 C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoraConverter]
    --a------ 2005-10-29 20:26 479232 C:\Program Files\VideoraConverter\VideoraConverter.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
    --a------ 2005-03-28 20:24 28616 C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\Raymond's Work Folder\\quake3.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\WINDOWS\\system32"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "D:\\Raymond's Work Folder\\unreal\\System\\UT2004.exe"=
    "E:\\Backup of Local Disk (C)\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "E:\\Backup of Local Disk (C)\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "D:\\Raymond's Work Folder\\AIM\\aim.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
    "C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\AIM6\\aim6.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=


    .
    Contents of the 'Scheduled Tasks' folder
    "2008-07-02 15:32:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-07-03 02:21:07 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    "2008-06-21 01:43:05 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-SpySweeper - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    HKCU-Run-SearchAndDestroyT - C:\Program Files\Search And Destroy\SearchAndDestroy.exe
    HKLM-RunOnce-HLinit - c:\progra~1\useles~1\matrix~1.exe\hlsetup3.exe
    MSConfigStartUp-HostManager - C:\Program Files\Common Files\AOL\1163030241\ee\AOLSoftware.exe
    MSConfigStartUp-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
    MSConfigStartUp-MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
    MSConfigStartUp-Yahoo! Pager - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-10 07:10:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    HLinit = c:\progra~1\useles~1\matrix~1.exe\hlsetup3.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????8

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Other Running Processes
    .
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\LogMeIn\x86\ramaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\HPZipm12.exe
    .
    **************************************************************************
    .
    Completion time: 2008-07-10 7:18:19 - machine was rebooted [Robert Schutz]
    ComboFix-quarantined-files.txt 2008-07-10 12:18:16

    Pre-Run: 80,421,355,520 bytes free
    Post-Run: 82,216,214,528 bytes free

    233 --- E O F --- 2008-06-13 08:04:13
  • edited July 2008
    That's great, please can you continue with the Kaspersky scan now
    Do you know anything about C:\Program Files\Mary Beth.soe ?

    Kaspersky Online Scanner .
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
    NOTE:- This scan is best done from IE (Internet Explorer)

    Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    Read the Requirements and limitations before you click Accept.
    Allow the ActiveX download if necessary
    Once the database has downloaded, click Next.
    Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    Click on "My Computer" and then put the kettle on!
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • edited July 2008
    ARGH! I can't install the java update to accept the license agreement. Even if I do the manual install, it comes up with that window saying "The windows installer service could not be accessed. This can occur if you are running windows in safe mode, or if windows installer is not correctly installed. Contact your support personnel for assistance". I can't do this in IE because something stops it from opening every time. I tried updating my firefox to 3.0, that still does not work. What now?

    oh ya. and that mary beth.soe...soe is Shadows of the Empire. It's a star wars game that was installed a while ago. I just took it off. I'll delete it. I was going over our history. and I forgot to uninstall the adobe and java programs like you asked. I tried it now, and it gives me that same "windows installer server could not...". Here is a new HJT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:59:01 PM, on 7/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    D:\Raymond's Work Folder\AIM\aim.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [AIM] D:\Raymond's Work Folder\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB0_0_0
    O4 - HKUS\S-1-5-21-2761788324-3456322275-89366730-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-2761788324-3456322275-89366730-1004\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
    O4 - HKUS\S-1-5-21-2761788324-3456322275-89366730-1004\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
    O4 - HKUS\S-1-5-21-2761788324-3456322275-89366730-1004\..\Run: [AIM] D:\Raymond's Work Folder\AIM\aim.exe -cnetwait.odl (User '?')
    O4 - HKUS\S-1-5-21-2761788324-3456322275-89366730-1004\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB0_0_0 (User '?')
    O4 - HKUS\S-1-5-21-2761788324-3456322275-89366730-1018\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - ?p=ZK
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Raymond's Work Folder\AIM\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114557037093
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138772417218
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - https://remote.diamondtouchpos.com/Remote/msrdp.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5030/mcfscan.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
    O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 12840 bytes
  • edited July 2008
    Please visit this page
    http://www.microsoft.com/downloads/details.aspx?FamilyID=5A58B56F-60B6-4412-95B9-54D056D6F9F4&displaylang=en

    Find the download link for WindowsXP-KB942288-v3-x86.exe
    (about halfway down the page, the last one in the list )

    Click Download, and save file.

    When the download is finished, close all open windows/applications and double click on the new WindowsXP-KB942288-v3-x86.exe file.

    When the installer has finished reboot, and now try the Java install.
  • edited July 2008
    wonderful! that update worked. I was able to install the java and run the kaspersky. here is the log from it:

    KASPERSKY ONLINE SCANNER 7 REPORT
    Saturday, July 12, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Friday, July 11, 2008 11:39:59
    Records in database: 941656

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan statistics:
    Files scanned: 186274
    Threat name: 7
    Infected objects: 22
    Suspicious objects: 0
    Duration of the scan: 03:25:39


    File name / Threat name / Threats count
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40000.VBN Infected: Trojan.Win32.Agent.ato 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40001.VBN Infected: Trojan.Win32.Agent.ato 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB80000.VBN Infected: Trojan-Downloader.Win32.Zlob.bri 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB80001.VBN Infected: Trojan-Downloader.Win32.Zlob.bri 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB80002.VBN Infected: Trojan-Downloader.Win32.Zlob.bri 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB80003.VBN Infected: Trojan-Downloader.Win32.Zlob.bri 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB80004.VBN Infected: Trojan-Downloader.Win32.Zlob.bri 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB80005.VBN Infected: Trojan-Downloader.Win32.Zlob.bri 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB80006.VBN Infected: Trojan-Downloader.Win32.Zlob.bri 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB80007.VBN Infected: Trojan-Downloader.Win32.Zlob.bri 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB80008.VBN Infected: Trojan-Downloader.Win32.Zlob.bri 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B340000.VBN Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1
    E:\Backup of Local Disk (C)\downloads\dolphinfree.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z 3
    E:\Backup of Local Disk (C)\downloads\dolphinfree.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
    E:\Backup of Local Disk (C)\downloads\dolphinfree.exe Infected: not-a-virus:AdWare.Win32.WebHancer 5
    E:\Backup of Local Disk (C)\downloads\dolphinfree.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.j 1

    The selected area was scanned.
  • edited July 2008
    I recommend that you follow the instructions in post #4 regarding Adobe, the removal of old Java and Fultilt Poker.
    After you have done that ........


    Congratulations your logs look clean :D

    Let's see if I can help you keep it that way

    First let's tidy up :D


    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

    You can also delete any logs we have produced, and empty your Recycle bin.

    E:\Backup of Local Disk (C)\downloads\dolphinfree.exe shows in your Kaspersky log, I recommend that (if you can't delete dolphinfree.exe ) you create a fresh backup and delete this one.


    The following is some info to help you stay safe and clean.
    ( Vista users must ensure that any programs are Vista compatible BEFORE installing )

    You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

    Online Scanners
    I would recommend a scan at one or more of the following sites at least once a month.

    http://www.pandasecurity.com/activescan
    http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

    !!! Make sure that all your programs are updated !!!
    Secunia Software Inspector does all the work for you, .... see HERE for details

    AntiSpyware
      AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
    • Spybot - Search & Destroy <<< A must have program
      • It includes host protection and registry protection
      • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
    • MalwareBytes Anti-malware <<< A New and effective program
    • a-squared Free <<< A good "realtime" or "on demand" scanner
    • superantispyware <<< A good "realtime" or "on demand" scanner



    Prevention
      These programs don't detect malware, they help stop it getting on your machine in the first place. Each does a different job, so you can have more than one
    • Winpatrol
      • An excellent startup manager and then some !!
      • Notifies you if programs are added to startup
      • Allows delayed startup
      • A must have addition
    • SpywareBlaster 4.0
      • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
    • SpywareGuard 2.2
      • SpywareGuard provides real-time protection against spyware.
      • Not required if you have other "realtime" antispyware or Winpatrol
    • ZonedOut
      • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
    • MVPS HOSTS
      • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
      • For information on how to download and install, please read this tutorial by WinHelp2002.
      • Not required if you are using other host file protections


    Internet Browsers
      Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys. Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.

    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available



    Cleaning Temporary Internet Files and Tracking Cookies
      Temporary Internet Files are mainly the files that are downloaded when you open a web page. Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware. It is a good idea to empty the Temporary Internet Files folder on a regular basis.
      Tracking Cookies are files that websites use to monitor which sites you visit and how often. A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
      CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.
      Both of these can be cleaned manually, but a quicker option is to use a program
    • ATF Cleaner
      • Free and very simple to use
    • CCleaner
      • Free and very flexible, you can choose which cookies to keep


    Also PLEASE read this article.....So How Did I Get Infected In The First Place

    The last and most important thing I can tell you is UPDATE.
    If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
    Malware changes on a day to day basis. You should update every week at the very least.

    If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


    If you could post back one more time to let me know everything is OK, then I can have this thread archived.

    Happy surfing K'
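The hosts-file blocking described in the post above, sketched as an added example (not part of the original post or of any tool it lists). It goes slightly beyond the post by also listing entries that point a name at a non-loopback address, which deserve a manual review; the sample file, the domains and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in hosts-file syntax (not taken from this thread).
SAMPLE_HOSTS = """\
# Constructed hosts file for illustration
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.tracker.example    # blocked by pointing at loopback
0.0.0.0         banners.example cdn.banners.example
203.0.113.7     www.bank.example       # a name pointed at a remote address
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Parse hosts-file text.

    Returns (entries, malformed): entries is a list of (lineno, ip, name)
    tuples, one per host name; malformed lists (lineno, raw_line) for lines
    that are neither blank, comment, nor 'address name [name ...]'.
    """
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                   # address with no host name
            malformed.append((lineno, raw.strip()))
            continue
        for name in fields[1:]:
            entries.append((lineno, ip, name.lower().rstrip(".")))
    return entries, malformed


def is_sink(ip):
    """True for addresses used to block a name: loopback or 0.0.0.0 / ::."""
    return ip.is_loopback or ip.is_unspecified


def lookup(entries, name):
    """Return the address the file gives for name, or None.

    Matching is on the exact name only: hosts files have no wildcards, so an
    entry for banners.example does not cover img.banners.example.
    Assumption of this sketch: the first matching entry is used.
    """
    wanted = name.lower().rstrip(".")
    for _, ip, host in entries:
        if host == wanted:
            return ip
    return None


def is_blocked(entries, name):
    """True when the file maps name to a sink address."""
    ip = lookup(entries, name)
    return ip is not None and is_sink(ip)


def audit(entries):
    """Entries mapping a name to a non-sink address: review each by hand."""
    return [(lineno, host, str(ip))
            for lineno, ip, host in entries if not is_sink(ip)]


if __name__ == "__main__":
    parsed, bad = parse_hosts(SAMPLE_HOSTS)
    for host in ("ads.tracker.example", "img.banners.example"):
        print(host, "blocked" if is_blocked(parsed, host) else "not blocked")
    for lineno, host, ip in audit(parsed):
        print(f"review line {lineno}: {host} -> {ip}")
    for lineno, raw in bad:
        print(f"malformed line {lineno}: {raw}")
```

On Windows XP the file this applies to is `C:\WINDOWS\system32\drivers\etc\hosts`; read it and pass its text to `parse_hosts`.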
  • edited July 2008
    I think that we did solve the problem. Because surfing is not as troublesome as it was before. But IE will still not open up. I start the application, it loads in my start bar, but it immediately closes itself out. Also, WMA or iTunes won't open my music files. It first asks me what program would I like to use to open it, and then when I open it with WMA it says, "Windows Media Player encountered a problem while playing the file. For additional assistance, click Web Help". I know I didn't state this specific problem, but I figured it was related with all the rest of my virus problems. I tried reinstalling WMP, but that didn't work. I think everything else works ok though.
  • edited July 2008
    Please try running a vanilla IE as follows:
      Start > All Programs > Accessories > System Tools - IE (No Add-Ons)
    • edited July 2008
      nope, no go
      it does the same thing
    • edited July 2008
      Please Download GMER to your desktop

      Please create a folder in the Program Files folder called GMER.

      Download GMER and extract it to the C:\program files\GMER folder you have just made.


      Run the Gmer.exe program by double-clicking the executable file gmer.exe.
      You may be prompted to scan immediately if GMER detects rootkit activity.

      If you are prompted to scan your system click "yes" to begin the scan.
      If you are not prompted, Click the "Rootkit" tab, then click "Scan".


      DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

      At the end of the scan, click "Copy" to copy the scan results to the clipboard. Then paste the results in a notepad file and also paste them back in your next reply.

      Please post the results from the GMER scan in your reply.
    • edited July 2008
      Did you intend to delete your post ?
    • edited July 2008
      oh, yes I did. I didn't notice we were going on two pages. I forgot to scan my d and e drives...I'm doing that now. here is my c drive (the one with my OS).

      GMER 1.0.14.14536 - http://www.gmer.net
      Rootkit scan 2008-07-12 17:35:21
      Windows 5.1.2600 Service Pack 2


      ---- System - GMER 1.0.14 ----

      SSDT E3359EE0 ZwConnectPort

      ---- Devices - GMER 1.0.14 ----

      AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
      AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
      AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

      Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)

      AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
      AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
      AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

      ---- Registry - GMER 1.0.14 ----

      Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
      Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xA6 0xC4 0x6D 0xF3 ...

      ---- EOF - GMER 1.0.14 ----
    • edited July 2008
      Here are my D and E drives. But they're the same... anyways, here it is.

      GMER 1.0.14.14536 - http://www.gmer.net
      Rootkit scan 2008-07-12 17:59:10
      Windows 5.1.2600 Service Pack 2


      ---- System - GMER 1.0.14 ----

      SSDT E3359EE0 ZwConnectPort

      ---- Devices - GMER 1.0.14 ----

      AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
      AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
      AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

      Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)

      AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
      AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
      AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

      ---- Registry - GMER 1.0.14 ----

      Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
      Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xA6 0xC4 0x6D 0xF3 ...

      ---- EOF - GMER 1.0.14 ----
    • edited July 2008
      Hmmm... It's looking like this is not a malware issue.
      It could be an OS or software issue.

      Let's try one last scan.


      OTScanIt

      1. Please download OTScanIt.exe by OldTimer and save it to your desktop.
      2. Double click on OTScanIt.exe to run it.
      3. Click on Extract. Once done, you will be prompted. Click OK and click Close.
      4. Double click on the OTScanIt folder. Double click on OTScanIt.exe to run it.
      5. Under Drivers section, select Non-Microsoft.
      6. Click on the Run Scan button at the top left hand corner.
      7. OTScanIt will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.
    • edited July 2008
      It's too big for one post. I split it into three... I had to delete posts because I was posting part 1 twice.
      Part 1:

      [code]
      OTScanIt logfile created on: 7/13/2008 1:44:06 PM
      OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Program Files\otscanit\OTScanIt
      Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
      Internet Explorer (Version = 7.0.5730.11)
      Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

      1022.73 Mb Total Physical Memory | 457.79 Mb Available Physical Memory | 44.76% Memory free
      2.40 Gb Paging File | 2.03 Gb Available in Paging File | 84.44% Paging File free
      Paging file location(s): C:\pagefile.sys 1536 3072;

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 111.79 Gb Total Space | 79.20 Gb Free Space | 70.85% Space Free | Partition Type: NTFS
      Drive D: | 97.66 Gb Total Space | 18.40 Gb Free Space | 18.84% Space Free | Partition Type: NTFS
      Drive E: | 88.65 Gb Total Space | 32.54 Gb Free Space | 36.71% Space Free | Partition Type: NTFS
      F: Drive not present or media not loaded
      G: Drive not present or media not loaded
      H: Drive not present or media not loaded
      I: Drive not present or media not loaded

      Computer Name: YOUR-CBE1WGGOT5
      Current User Name: Robert Schutz
      Logged in as Administrator.
      Current Boot Mode: Normal
      Scan Mode: All users

      [Processes - Non-Microsoft Only]
      ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 242808 bytes | Modified Date = 2/29/2004 5:44:54 PM | Attr = ]
      ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 255096 bytes | Modified Date = 2/29/2004 5:44:48 PM | Attr = ]
      smax4pnp.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> Analog Devices, Inc. [Ver = 4, 0, 3, 9 | Size = 774144 bytes | Modified Date = 3/21/2003 12:05:42 AM | Attr = ]
      wkufind.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe -> Microsoft® Corporation [Ver = 7.00.0716.0 | Size = 28672 bytes | Modified Date = 7/16/2002 4:21:48 PM | Attr = ]
      realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 11/10/2006 11:39:43 PM | Attr = ]
      ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 66680 bytes | Modified Date = 2/29/2004 5:44:46 PM | Attr = ]
      apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/7/2005 12:46:24 AM | Attr = ]
      hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 2/19/2006 2:41:10 AM | Attr = ]
      logmeinsystray.exe -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63048 bytes | Modified Date = 9/12/2007 10:20:58 AM | Attr = ]
      applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2/18/2008 11:16:30 AM | Attr = ]
      aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 12:41:02 PM | Attr = ]
      lmiguardian.exe -> %ProgramFiles%\LogMeIn\x86\LMIGuardian.exe -> LogMeIn, Inc. [Ver = 8.0.734 | Size = 87360 bytes | Modified Date = 5/28/2008 12:32:28 PM | Attr = ]
      mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ]
      defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 29928 bytes | Modified Date = 3/12/2004 4:17:10 PM | Attr = ]
      googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1407.beta | Size = 137200 bytes | Modified Date = 7/7/2008 8:38:08 PM | Attr = ]
      ramaint.exe -> %ProgramFiles%\LogMeIn\x86\ramaint.exe -> LogMeIn, Inc. [Ver = 4.0.734 | Size = 116032 bytes | Modified Date = 5/28/2008 12:32:34 PM | Attr = ]
      logmein.exe -> %ProgramFiles%\LogMeIn\x86\LogMeIn.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63040 bytes | Modified Date = 9/12/2007 10:20:58 AM | Attr = ]
      lmiguardian.exe -> %ProgramFiles%\LogMeIn\x86\LMIGuardian.exe -> LogMeIn, Inc. [Ver = 8.0.734 | Size = 87360 bytes | Modified Date = 5/28/2008 12:32:28 PM | Attr = ]
      nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4351 | Size = 69632 bytes | Modified Date = 4/2/2003 9:40:00 PM | Attr = ]
      hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8/9/2007 2:27:52 AM | Attr = ]
      retrorun.exe -> %ProgramFiles%\Dantz\Retrospect Express HD\retrorun.exe -> Dantz Development Corporation [Ver = 1.0.196 | Size = 69632 bytes | Modified Date = 7/30/2004 3:47:36 PM | Attr = ]
      smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/21/2002 12:50:10 AM | Attr = ]
      viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:08 PM | Attr = ]
      lucoms~1.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 12:41:02 PM | Attr = ]
      ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 3/30/2008 10:36:30 AM | Attr = ]
      skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.8.0.115 | Size = 22058792 bytes | Modified Date = 4/30/2008 5:17:34 PM | Attr = R ]
      aim.exe -> D:\Raymond's Work Folder\AIM\aim.exe -> America Online, Inc. [Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 6/2/2005 2:34:34 AM | Attr = ]
      hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2/19/2006 4:21:22 AM | Attr = ]
      skypepm.exe -> %ProgramFiles%\Skype\Plugin Manager\skypePM.exe -> Skype Technologies [Ver = 2.0.0.55 | Size = 76744 bytes | Modified Date = 4/30/2008 5:17:34 PM | Attr = R ]
      hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 239320 bytes | Modified Date = 2/19/2006 5:24:52 AM | Attr = ]
      firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9 | Size = 307712 bytes | Modified Date = 5/29/2008 3:08:56 PM | Attr = ]
      viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 4:38:18 PM | Attr = ]
      showmypc.exe -> %UserProfile%\Local Settings\temp\IXP000.TMP\ShowMyPC.exe -> ShowMyPC [Ver = 6.01.0002 | Size = 2293760 bytes | Modified Date = 5/25/2008 7:48:02 PM | Attr = ]
      spcplink.exe -> %UserProfile%\Local Settings\temp\IXP000.TMP\spcplink.exe -> [Ver = | Size = 651264 bytes | Modified Date = 6/2/2005 3:36:44 PM | Attr = ]
      dfrgntfs.exe -> %SystemRoot%\system32\dfrgntfs.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 104960 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
      otscanit.exe -> %ProgramFiles%\otscanit\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ]

      [Win32 Services - Non-Microsoft Only]
      (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2/18/2008 11:16:30 AM | Attr = ]
      (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 12:41:02 PM | Attr = ]
      (awhost32) pcAnywhere Host Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\pcAnywhere\awhost32.exe -> Symantec Corporation [Ver = 11.0.1.764 | Size = 106496 bytes | Modified Date = 10/31/2003 11:01:00 AM | Attr = ]
      (Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ]
      (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 255096 bytes | Modified Date = 2/29/2004 5:44:48 PM | Attr = ]
      (ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 87160 bytes | Modified Date = 2/29/2004 5:44:52 PM | Attr = ]
      (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 242808 bytes | Modified Date = 2/29/2004 5:44:54 PM | Attr = ]
      (DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 29928 bytes | Modified Date = 3/12/2004 4:17:10 PM | Attr = ]
      (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
      (getPlus(R) Helper) getPlus(R) Helper [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\NOS\bin\getPlus_HelperSvc.exe -> NOS Microsystems Ltd. [Ver = 1206 | Size = 31592 bytes | Modified Date = 6/26/2008 10:25:28 AM | Attr = ]
      (gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1407.beta | Size = 137200 bytes | Modified Date = 7/7/2008 8:38:08 PM | Attr = ]
      (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
      (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 3/30/2008 10:36:30 AM | Attr = ]
      (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 12:41:02 PM | Attr = ]
      (LMIMaint) LogMeIn Maintenance Service [Win32_Own | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\ramaint.exe -> LogMeIn, Inc. [Ver = 4.0.734 | Size = 116032 bytes | Modified Date = 5/28/2008 12:32:34 PM | Attr = ]
      (LogMeIn) LogMeIn [Win32_Own | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\LogMeIn.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63040 bytes | Modified Date = 9/12/2007 10:20:58 AM | Attr = ]
      (NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4351 | Size = 69632 bytes | Modified Date = 4/2/2003 9:40:00 PM | Attr = ]
      (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8/9/2007 2:27:52 AM | Attr = ]
      (RetroExp Helper) Retrospect Express HD Restore Helper [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Dantz\Retrospect Express HD\rthlpsvc.exe -> Dantz Development Corporation [Ver = 1.0.196 | Size = 110592 bytes | Modified Date = 7/30/2004 3:47:36 PM | Attr = ]
      (RetroExpLauncher) Retrospect Express HD Launcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Dantz\Retrospect Express HD\retrorun.exe -> Dantz Development Corporation [Ver = 1.0.196 | Size = 69632 bytes | Modified Date = 7/30/2004 3:47:36 PM | Attr = ]
      (SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 1.5.0.0 | Size = 169192 bytes | Modified Date = 3/12/2004 4:18:06 PM | Attr = ]
      (SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.3.0.46 | Size = 193760 bytes | Modified Date = 3/11/2004 3:58:32 PM | Attr = ]
      (SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/21/2002 12:50:10 AM | Attr = ]
      (Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 1221864 bytes | Modified Date = 3/12/2004 4:17:46 PM | Attr = ]
      (Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:08 PM | Attr = ]

      [Driver Services - Non-Microsoft Only]
      (aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 3.0.2.29 | Size = 100032 bytes | Modified Date = 2/26/2003 6:01:40 PM | Attr = ]
      (awlegacy) awlegacy [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AWLEGACY.sys -> Symantec Corporation [Ver = 11.0.0.695 | Size = 10901 bytes | Modified Date = 4/21/2003 2:08:44 PM | Attr = ]
      (AW_HOST) AW_HOST [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AW_HOST5.sys -> Symantec Corporation [Ver = 11.0.1.761 | Size = 16984 bytes | Modified Date = 10/23/2003 10:32:20 AM | Attr = ]
      (dmboot) dmboot [Kernel | Disabled | Running] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ]
      (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ]
      (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
      (dvd43llh) dvd43llh [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\dvd43llh.sys -> RIF [Ver = 3.5.000 | Size = 18816 bytes | Modified Date = 3/15/2008 6:43:47 AM | Attr = ]
      (E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 7.0.26.0 built by: WinDDK | Size = 145408 bytes | Modified Date = 3/4/2003 6:56:26 PM | Attr = ]
      (FVNETusb) Linksys Wireless-B USB Network Adapter v2.8 Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\vnet58lx.sys -> Cisco-Linksys LLC. [Ver = 4.10.9.430 built by: WinDDK | Size = 122112 bytes | Modified Date = 3/26/2004 1:08:54 PM | Attr = ]
      (GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 1/29/2008 12:01:28 PM | Attr = ]
      (Gernuwa) Gernuwa [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\GERNUWA.sys -> Symantec Corporation [Ver = 11.0.0.695 | Size = 13898 bytes | Modified Date = 4/21/2003 1:00:32 PM | Attr = ]
      (gmer) gmer [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Modified Date = 7/12/2008 4:02:13 PM | Attr = ]
      (grmnusb) grmnusb [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\grmnusb.sys -> GARMIN Corp. [Ver = 2.1 | Size = 7296 bytes | Modified Date = 9/23/2003 9:42:34 AM | Attr = ]
      (HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZid412.sys -> HP [Ver = 10, 1, 0, 2 | Size = 49664 bytes | Modified Date = 4/12/2006 8:04:39 PM | Attr = R ]
      (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> HP [Ver = 10, 1, 0, 2 | Size = 16496 bytes | Modified Date = 4/12/2006 8:04:39 PM | Attr = R ]
      (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZius12.sys -> HP [Ver = 10, 1, 0, 2 | Size = 21568 bytes | Modified Date = 4/12/2006 8:04:39 PM | Attr = R ]
      (LMIInfo) LogMeIn Kernel Information Provider [Kernel | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\rainfo.sys -> LogMeIn, Inc. [Ver = 8.0.685 | Size = 12856 bytes | Modified Date = 2/28/2008 3:31:50 PM | Attr = ]
      (LMImirr) LMImirr [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\lmimirr.sys -> LogMeIn, Inc. [Ver = 2.50.596 | Size = 10144 bytes | Modified Date = 9/12/2007 10:20:28 AM | Attr = ]
      (LMIRfsDriver) LogMeIn Remote File System Driver [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\LMIRfsDriver.sys -> LogMeIn, Inc. [Ver = 2.4.3.0 | Size = 45848 bytes | Modified Date = 3/7/2008 1:39:48 PM | Attr = ]
      (ltmodem5) LT Modem Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ltmdmnt.sys -> LT [Ver = 8.28 | Size = 606684 bytes | Modified Date = 8/3/2004 10:41:36 PM | Attr = ]
      (MaxtorFrontPanel1) Maxtor 1394 Storage Front Panel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mxofwfp.sys -> Maxtor Corp. [Ver = 1,1,0,0 | Size = 19712 bytes | Modified Date = 3/13/2003 8:23:28 PM | Attr = ]
      (MidiSyn) MidiSyn [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\MidiSyn.sys -> Analog Devices Inc [Ver = 3, 3, 7, 3 | Size = 235100 bytes | Modified Date = 9/20/2002 4:53:34 PM | Attr = ]
      (MXOPSWD) Maxtor OneTouch Security Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mxopswd.sys -> Maxtor Corp. [Ver = 1,0,3,0 | Size = 14592 bytes | Modified Date = 8/9/2004 5:49:40 PM | Attr = ]
      (NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080613.003\NAVENG.SYS -> Symantec Corporation [Ver = 20081.1.1.13 | Size = 89936 bytes | Modified Date = 6/13/2008 3:00:00 AM | Attr = ]
      (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080613.003\NAVEX15.SYS -> Symantec Corporation [Ver = 20081.1.1.13 | Size = 856336 bytes | Modified Date = 6/13/2008 3:00:00 AM | Attr = ]
      (NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NTIDrvr.sys -> NewTech Infosystems, Inc. [Ver = 1, 0, 0, 5 | Size = 6912 bytes | Modified Date = 5/6/2005 8:20:10 PM | Attr = ]
      (nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.01.4351 | Size = 1265130 bytes | Modified Date = 4/2/2003 9:40:00 PM | Attr = ]
      (PCANDIS5) PCANDIS5 Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\PCANDIS5.SYS -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.00.13.49 | Size = 16068 bytes | Modified Date = 10/15/2000 5:38:54 PM | Attr = ]
      (Pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 3/15/2008 6:04:38 AM | Attr = ]
      (pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 200 | Size = 14604 bytes | Modified Date = 8/11/2003 10:07:46 AM | Attr = ]
      (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
      (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.02.62a | Size = 20016 bytes | Modified Date = 5/19/2004 12:33:44 PM | Attr = ]
      (SAVRT) SAVRT [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\savrt.sys -> Symantec Corporation [Ver = 9.3.0.28 | Size = 301200 bytes | Modified Date = 2/9/2004 4:43:56 PM | Attr = R ]
      (SAVRTPEL) SAVRTPEL [Kernel | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Savrtpel.sys -> Symantec Corporation [Ver = 9.3.0.28 | Size = 37008 bytes | Modified Date = 2/9/2004 4:43:56 PM | Attr = R ]
      (Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr = ]
      (sf) SFI Service [Kernel | System | Running] -> %SystemRoot%\system32\drivers\sf.sys -> Sonic Focus, Inc [Ver = 5.02.0002.3 | Size = 33183 bytes | Modified Date = 4/2/2003 12:55:18 AM | Attr = ]
      (smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3581 | Size = 555264 bytes | Modified Date = 3/21/2003 7:46:22 PM | Attr = ]
      (SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.4.0.6 | Size = 82832 bytes | Modified Date = 3/5/2004 12:46:46 AM | Attr = ]
      (SYMREDRV) SYMREDRV [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\symredrv.sys -> Symantec Corporation [Ver = 5.3.0.46 | Size = 16288 bytes | Modified Date = 3/11/2004 3:58:08 PM | Attr = ]
      (SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> Symantec Corporation [Ver = 5.3.0.46 | Size = 263616 bytes | Modified Date = 3/11/2004 3:58:10 PM | Attr = ]
      (WUSB11) Instant Wireless USB Network Adapter ver.2.5 Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LSWLUSB.sys -> The Linksys Group, Inc. [Ver = 2.00.02 | Size = 54083 bytes | Modified Date = 5/28/2002 5:28:40 PM | Attr = ]

      [Registry - Non-Microsoft Only]
      < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
      Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"] -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/7/2005 12:46:24 AM | Attr = ]
      ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 2.2.0.577 | Size = 66680 bytes | Modified Date = 2/29/2004 5:44:46 PM | Attr = ]
      HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 2/19/2006 2:41:10 AM | Attr = ]
      iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 3/30/2008 10:36:40 AM | Attr = ]
      LogMeIn GUI -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe ["C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"] -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63048 bytes | Modified Date = 9/12/2007 10:20:58 AM | Attr = ]
      Microsoft Works Update Detection -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe [C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe] -> Microsoft® Corporation [Ver = 7.00.0716.0 | Size = 28672 bytes | Modified Date = 7/16/2002 4:21:48 PM | Attr = ]
      NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.01.4351 | Size = 4616192 bytes | Modified Date = 4/2/2003 9:40:00 PM | Attr = ]
      nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> NVIDIA Corporation [Ver = 6.14.01.4351 | Size = 323584 bytes | Modified Date = 4/2/2003 9:40:00 PM | Attr = ]
      SoundMAXPnP -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe [C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe] -> Analog Devices, Inc. [Ver = 4, 0, 3, 9 | Size = 774144 bytes | Modified Date = 3/21/2003 12:05:42 AM | Attr = ]
      TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 11/10/2006 11:39:43 PM | Attr = ]
      UserFaultCheck -> [%systemroot%\system32\dumprep 0 -u] -> File not found
      vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\VPTray.exe] -> Symantec Corporation [Ver = 9.0.0.338 | Size = 124128 bytes | Modified Date = 3/12/2004 4:18:32 PM | Attr = ]
      < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
      IMAIL-> Installed = 1 ->
      MAPI-> Installed = 1 ->
      MSFS-> Installed = 1 ->
      < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
      AIM -> D:\Raymond's Work Folder\AIM\aim.exe -cnetwait.odl [D:\Raymond's Work Folder\AIM\aim.exe -cnetwait.odl] -> File not found
      Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> Skype Technologies S.A. [Ver = 3.8.0.115 | Size = 22058792 bytes | Modified Date = 4/30/2008 5:17:34 PM | Attr = R ]
      swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/25/2007 11:57:34 AM | Attr = ]
      < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
      NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.01.4351 | Size = 49152 bytes | Modified Date = 4/2/2003 9:40:00 PM | Attr = ]
      < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
      NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.01.4351 | Size = 49152 bytes | Modified Date = 4/2/2003 9:40:00 PM | Attr = ]
      < Run [HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\] > -> HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
      AIM -> D:\Raymond's Work Folder\AIM\aim.exe -cnetwait.odl [D:\Raymond's Work Folder\AIM\aim.exe -cnetwait.odl] -> File not found
      Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> Skype Technologies S.A. [Ver = 3.8.0.115 | Size = 22058792 bytes | Modified Date = 4/30/2008 5:17:34 PM | Attr = R ]
      swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/25/2007 11:57:34 AM | Attr = ]
      < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
      < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
      %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.1.0.2008042300 | Size = 29696 bytes | Modified Date = 4/23/2008 3:38:16 AM | Attr = ]
      %AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2/19/2006 4:21:22 AM | Attr = ]
      < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
      < LogMeInRemoteUser Startup Folder > -> C:\Documents and Settings\LogMeInRemoteUser\Start Menu\Programs\Startup ->
      < LogMeInRemoteUser.YOUR-CBE1WGGOT5 Startup Folder > -> C:\Documents and Settings\LogMeInRemoteUser.YOUR-CBE1WGGOT5\Start Menu\Programs\Startup ->
      < LogMeInRemoteUser.YOUR-CBE1WGGOT5.000 Startup Folder > -> C:\Documents and Settings\LogMeInRemoteUser.YOUR-CBE1WGGOT5.000\Start Menu\Programs\Startup ->
      < robert Startup Folder > -> C:\Documents and Settings\robert\Start Menu\Programs\Startup ->
      < Robert Schutz Startup Folder > -> C:\Documents and Settings\Robert Schutz\Start Menu\Programs\Startup ->
      < Theresa Schutz Startup Folder > -> C:\Documents and Settings\Theresa Schutz\Start Menu\Programs\Startup ->
      < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
      < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
      *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
      Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 5:23:07 AM | Attr = ]
      *MultiFile Done* -> ->
      *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
      C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
      *MultiFile Done* -> ->
      *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
      logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr = ]
      *MultiFile Done* -> ->
      *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
      rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 10:34:01 PM | Attr = ]
      Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
      *MultiFile Done* -> ->
      < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
      < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
      < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
      < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
      < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
      < Winlogon settings [HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004] > -> HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
      < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
      LMIinit -> %SystemRoot%\system32\LMIinit.dll -> LogMeIn, Inc. [Ver = 4.0.734 | Size = 87352 bytes | Modified Date = 5/28/2008 12:32:54 PM | Attr = ]
      NavLogon -> %SystemRoot%\system32\NavLogon.dll -> Symantec Corporation [Ver = 9.0.0.338 | Size = 83176 bytes | Modified Date = 3/12/2004 4:17:24 PM | Attr = ]
      PCANotify -> %SystemRoot%\system32\PCANotify.dll -> Symantec Corporation [Ver = 11.0.1.764 | Size = 8704 bytes | Modified Date = 10/31/2003 11:01:00 AM | Attr = ]
      < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
      < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 ->
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
      < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
      HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
      HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
      HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
      HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
      HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
      < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
      HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
      HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
      HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
      HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
      HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
      < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
      HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
      HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
      HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
      < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
      HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
      HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
      HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
      < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004] > -> HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
      < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
      *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
      SCSI miniport -> -> File not found
    • edited July 2008
      Is there a problem?
    • edited July 2008
      part 2:

      *MultiFile Done* -> ->
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/3/2004 10:59:54 PM | Attr = ]
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
      *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
      NEC MBR-7 -> -> File not found
      NEC MBR-7.4 -> -> File not found
      PIONEER CHANGR DRM-1804X -> -> File not found
      PIONEER CD-ROM DRM-6324X -> -> File not found
      PIONEER CD-ROM DRM-624X -> -> File not found
      TORiSAN CD-ROM CDR_C36 -> -> File not found
      *MultiFile Done* -> ->
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomJLMS_XJ-HD166S__________________________DS18____\5&1ebf9c3d&0&0.0.0 ->
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomSONY_DVD_RW_DW-U14A_____________________1.0c____\4145383837353937_0_0_0_0_0_0_0_0_0_0_0_0 ->
      < Drives - Autoruns > -> ->
      autoexec.bat [Path C:\RAYMOND\MATH\Academic\orawin95\Bin;%Path% | ] -> %SystemDrive%\autoexec.bat [ NTFS ] -> [Ver = | Size = 51 bytes | Modified Date = 2/19/2007 11:03:30 PM | Attr = ]
      < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
      < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
      HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
      HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
      HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
      HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.msn.com/ ->
      HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
      HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
      < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
      HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
      HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
      HKEY_CURRENT_USER\: Main\\Start Page -> http://mail.yahoo.com ->
      HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] ->
      HKEY_CURRENT_USER\: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
      HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
      HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
      < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
      HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
      HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
      HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
      < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
      HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
      HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
      HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
      < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
      HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 ->
      < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
      HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 ->
      < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\] > -> ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\: Main\\Start Page -> http://mail.yahoo.com ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\: ProxyEnable -> 0 ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\: ProxyOverride -> *.local ->
      < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
      1 domain(s) and sub-domain(s) not assigned to a zone.
      < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
      < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
      .[msn] -> My Computer ->
      office_microsoft.com [http] -> Trusted sites ->
      1 domain(s) and sub-domain(s) not assigned to a zone.
      < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
      < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
      HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
      < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
      HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
      < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
      HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
      < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
      HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
      < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
      HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
      < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
      HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
      < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
      HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
      < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
      HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
      < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\] > -> HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
      .[msn] -> My Computer ->
      office_microsoft.com [http] -> Trusted sites ->
      1 domain(s) and sub-domain(s) not assigned to a zone.
      < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\] > -> HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
      HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
      < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
      {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
      {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ]
      {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ]
      {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AOL Toolbar Launcher] -> AOL LLC [Ver = 5.7.3.2 | Size = 1090912 bytes | Modified Date = 3/7/2008 8:55:24 AM | Attr = ]
      {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
      {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 3, 0, 1225, 9868 | Size = 734704 bytes | Modified Date = 4/8/2008 6:43:18 AM | Attr = ]
      < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
      {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
      < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
      {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
      < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
      {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
      < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
      {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
      < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
      {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
      < Internet Explorer Bars [HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\] > -> HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
      {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
      < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
      {DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.7.3.2 | Size = 1090912 bytes | Modified Date = 3/7/2008 8:55:24 AM | Attr = ]
      < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
      ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
      WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
      WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
      WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> File not found
      WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
      WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.7.3.2 | Size = 1090912 bytes | Modified Date = 3/7/2008 8:55:24 AM | Attr = ]
      WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
      < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\] > -> HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\Software\Microsoft\Internet Explorer\Toolbar\ ->
      ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
      WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
      WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
      WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> File not found
      WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
      WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.7.3.2 | Size = 1090912 bytes | Modified Date = 3/7/2008 8:55:24 AM | Attr = ]
      WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
      < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
      {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ]
      {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ]
      {3369AF0D-62E9-4bda-8103-B4C75499B578}:{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.7.3.2 | Size = 1090912 bytes | Modified Date = 3/7/2008 8:55:24 AM | Attr = ]
      {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> D:\Raymond's Work Folder\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 6/2/2005 2:34:34 AM | Attr = ]
      {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ]
      < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
      &AIM Search -> %ProgramFiles%\AIM Toolbar\AIMBar.dll -> File not found
      &AOL Toolbar Search -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltbhtml.dll -> America Online, Inc. [Ver = 2.0.4239.56 | Size = 376832 bytes | Modified Date = 6/1/2005 1:43:20 PM | Attr = ]
      &Google Search -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
      &Search -> -> File not found
      &Translate English Word -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
      Backward Links -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
      Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
      Similar Pages -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
      Translate Page into English -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
      < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
      CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
      CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> D:\Raymond's Work Folder\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 6/2/2005 2:34:34 AM | Attr = ]
      CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
      < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
      CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
      CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> D:\Raymond's Work Folder\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 6/2/2005 2:34:34 AM | Attr = ]
      CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
      < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\] > -> HKEY_USERS\S-1-5-21-2761788324-3456322275-89366730-1004\Software\Microsoft\Internet Explorer\MenuExt\ ->
      &AIM Search -> %ProgramFiles%\AIM Toolbar\AIMBar.dll -> File not found
      &AOL Toolbar Search -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltbhtml.dll -> America Online, Inc. [Ver = 2.0.4239.56 | Size = 376832 bytes | Modified Date = 6/1/2005 1:43:20 PM | Attr = ]
      &Google Search -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
      &Search -> -> File not found
      &Translate English Word -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
      Backward Links -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
      Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
      Similar Pages -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
      Translate Page into English -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
      < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
      {1A8E38F5-D16C-4119-A857-9E1BC40FB19C} -> (Linksys Wireless-B USB Network Adapter v2.8) ->
      {3C2F6A73-7F7A-4B63-83D2-8B019BB21963} -> () ->
      {55607597-EF67-42D2-82BC-AAF74CFF47A1} -> (Linksys Wireless-B USB Network Adapter v2.8) ->
      {6DC2D2B8-BC23-493E-81E2-644F815B15E1} -> (Intel(R) PRO/100 VE Network Connection) ->
      {7FA52C82-98BA-4BC1-A4C7-8148AC615306} -> (1394 Net Adapter) ->
      {8440540E-AFCD-43C1-B46E-2F8B669BE14E} -> (Linksys Wireless-B USB Network Adapter v2.8) ->
      {D0333465-DDC3-4AF1-97D8-C2C4520C0385} -> (Instant Wireless USB Network Adapter ver.2.5) ->
      {DFE5B527-DE17-4739-9800-49DE1980BC2D} -> (Linksys Wireless-B USB Network Adapter v2.8) ->
      {FB856DB1-9E51-4DC9-983E-DA647DAB1487} -> () ->
      < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
      NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ]
      < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
      shell -> shell protocol not assigned ->
      < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
      shell -> shell protocol not assigned ->
      < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
      shell -> shell protocol not assigned ->
      < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
      shell -> shell protocol not assigned ->
      < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
      ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
      msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
      skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 29, 0 | Size = 1942864 bytes | Modified Date = 4/30/2008 5:17:34 PM | Attr = R ]
      < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
      {15B782AF-55D8-11D1-B477-006097098764}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab[Macromedia Authorware Web Player Control] ->
      {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://active.macromedia.com/director/cabs/sw.cab[Shockwave ActiveX Control] ->
      {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409[Windows Genuine Advantage Validation Tool] ->
      {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc2.cab[Office Update Installation Engine] ->
      {5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] ->
      {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114557037093[WUWebControl Class] ->
      {67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/player/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] ->
      {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138772417218[Reg Error: Value does not exist or could not be read.] ->
      {7584C670-2274-4EFB-B00B-D6AABA6D3850}[HKEY_LOCAL_MACHINE] -> https://remote.diamondtouchpos.com/Remote/msrdp.cab[Reg Error: Value does not exist or could not be read.] ->
      {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] ->
      {9600F64D-755F-11D4-A47F-0001023E6D5A}[HKEY_LOCAL_MACHINE] -> http://web1.shutterfly.com/downloads/Uploader.cab[Shutterfly Picture Upload Plugin] ->
      {9FC5238F-12C4-454F-B1B5-74599A21DE47}[HKEY_LOCAL_MACHINE] -> http://community.webshots.com/html/WSPhotoUploader.CAB[Webshots Photo Uploader] ->
      {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] ->
      {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] ->
      {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->
      {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] ->
      {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] ->
      {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] ->
      {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] ->
      {EF791A6B-FC12-4C68-99EF-FB9E207A39E6}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5030/mcfscan.cab[McFreeScan Class] ->
      {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}[HKEY_LOCAL_MACHINE] -> https://secure.logmein.com/activex/ractrl.cab?lmi=100[Performance Viewer Activex Control] ->
      DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->
      Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->
      < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\ -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\.Owner -> {5F8469B4-B055-49DD-83F7-62B522420ECC} ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\{5F8469B4-B055-49DD-83F7-62B522420ECC} -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LMIProxyHelper.exe\ -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LMIProxyHelper.exe\\.Owner -> {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LMIProxyHelper.exe\\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msrdp.ocx\ -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msrdp.ocx\\.Owner -> {7584C670-2274-4EFB-B00B-D6AABA6D3850} ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msrdp.ocx\\{7584C670-2274-4EFB-B00B-D6AABA6D3850} -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RACtrl.dll\ -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RACtrl.dll\\.Owner -> {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RACtrl.dll\\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sfuploadplugin.ocx\ -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sfuploadplugin.ocx\\.Owner -> {9600F64D-755F-11D4-A47F-0001023E6D5A} ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sfuploadplugin.ocx\\{9600F64D-755F-11D4-A47F-0001023E6D5A} -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WSPhotoUploader.OCX\ -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WSPhotoUploader.OCX\\.Owner -> {9FC5238F-12C4-454F-B1B5-74599A21DE47} ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WSPhotoUploader.OCX\\{9FC5238F-12C4-454F-B1B5-74599A21DE47} -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ractrlkeyhook.dll\ -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ractrlkeyhook.dll\\.Owner -> {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ractrlkeyhook.dll\\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{5F8469B4-B055-49DD-83F7-62B522420ECC} -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner ->
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> ->



      [Files/Folders - Created Within 30 days]
      BOOT.BAK -> %SystemDrive%\BOOT.BAK -> [Ver = | Size = 211 bytes | Created Date = 7/8/2008 8:16:11 PM | Attr = RHS]
      cmdcons -> %SystemDrive%\cmdcons -> [Folder | Created Date = 7/8/2008 8:15:47 PM | Attr = RHS]
      cmldr -> %SystemDrive%\cmldr -> [Ver = | Size = 260272 bytes | Created Date = 7/8/2008 8:16:07 PM | Attr = RHS]
      ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 7/12/2008 3:56:22 AM | Attr = ]
      fed5b37d9fcc7dc52dffc094382097 -> %SystemDrive%\fed5b37d9fcc7dc52dffc094382097 -> [Folder | Created Date = 7/12/2008 4:11:11 AM | Attr = ]
      hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072484352 bytes | Created Date = 7/9/2008 11:17:54 AM | Attr = HS]
      Magical JellyBean -> %SystemDrive%\Magical JellyBean -> [Folder | Created Date = 7/9/2008 11:18:03 PM | Attr = ]
      Magical JellyBean.zip -> %SystemDrive%\Magical JellyBean.zip -> [Ver = | Size = 347650 bytes | Created Date = 7/9/2008 11:16:20 PM | Attr = ]
      RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 7/10/2008 8:48:36 PM | Attr = HS]
      gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Created Date = 7/12/2008 4:02:13 PM | Attr = ]
      mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 7/6/2008 2:40:26 PM | Attr = ]
      mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Created Date = 7/6/2008 2:40:25 PM | Attr = ]
      java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 7/11/2008 7:10:20 AM | Attr = ]
      javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 7/11/2008 7:10:20 AM | Attr = ]
      javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 139264 bytes | Created Date = 7/11/2008 7:10:20 AM | Attr = ]
      CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 7/7/2008 7:02:09 PM | Attr = HS]
      1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
      erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 7/8/2008 9:40:25 PM | Attr = ]
      gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 14, 14536 | Size = 884736 bytes | Created Date = 7/12/2008 4:02:13 PM | Attr = ]
      gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 14, 14536 | Size = 811008 bytes | Created Date = 7/12/2008 4:02:13 PM | Attr = ]
      gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Created Date = 7/12/2008 4:02:16 PM | Attr = ]
      gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 7/12/2008 4:02:13 PM | Attr = ]
      setup.pss -> %SystemRoot%\setup.pss -> [Folder | Created Date = 7/8/2008 8:15:40 PM | Attr = ]
      setupupd -> %SystemRoot%\setupupd -> [Folder | Created Date = 7/8/2008 8:15:27 PM | Attr = ]
      TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 7/10/2008 7:18:34 AM | Attr = ]
      wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 270 bytes | Created Date = 6/21/2008 7:02:42 PM | Attr = ]
      Uniblue SpeedUpMyPC Nag.job -> %SystemRoot%\tasks\Uniblue SpeedUpMyPC Nag.job -> [Ver = | Size = 286 bytes | Created Date = 6/20/2008 8:43:05 PM | Attr = ]
      Uniblue SpeedUpMyPC.job -> %SystemRoot%\tasks\Uniblue SpeedUpMyPC.job -> [Ver = | Size = 408 bytes | Created Date = 6/20/2008 8:43:05 PM | Attr = ]
    • edited July 2008
      Sorry to post and then delete... Anyways, this is the last part. Thanks again for all your help.
      Part 3:

      [Files/Folders - Modified Within 30 days]
      academic -> %SystemDrive%\academic -> [Folder | Modified Date = 7/9/2008 10:55:15 PM | Attr = ]
      BOOT.BAK -> %SystemDrive%\BOOT.BAK -> [Ver = | Size = 211 bytes | Modified Date = 7/4/2008 1:05:53 PM | Attr = RHS]
      boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 282 bytes | Modified Date = 7/8/2008 8:16:11 PM | Attr = RHS]
      cmdcons -> %SystemDrive%\cmdcons -> [Folder | Modified Date = 7/8/2008 8:16:11 PM | Attr = RHS]
      ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 7/12/2008 3:56:30 AM | Attr = ]
      Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 7/12/2008 11:09:49 AM | Attr = HS]
      Diamond98 -> %SystemDrive%\Diamond98 -> [Folder | Modified Date = 7/12/2008 11:12:50 AM | Attr = ]
      fed5b37d9fcc7dc52dffc094382097 -> %SystemDrive%\fed5b37d9fcc7dc52dffc094382097 -> [Folder | Modified Date = 7/12/2008 4:11:13 AM | Attr = ]
      hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072484352 bytes | Modified Date = 7/13/2008 11:24:03 AM | Attr = HS]
      IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 3347 bytes | Modified Date = 6/30/2008 9:59:07 PM | Attr = H ]
      ltpb -> %SystemDrive%\ltpb -> [Folder | Modified Date = 7/9/2008 11:00:41 PM | Attr = ]
      ltpb2 -> %SystemDrive%\ltpb2 -> [Folder | Modified Date = 7/9/2008 11:00:51 PM | Attr = ]
      Magical JellyBean -> %SystemDrive%\Magical JellyBean -> [Folder | Modified Date = 7/9/2008 8:51:34 AM | Attr = ]
      Magical JellyBean.zip -> %SystemDrive%\Magical JellyBean.zip -> [Ver = | Size = 347650 bytes | Modified Date = 7/9/2008 11:16:20 PM | Attr = ]
      Program Files -> %ProgramFiles% -> [Folder | Modified Date = 7/13/2008 1:43:12 PM | Attr = R ]
      RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 7/12/2008 12:11:04 AM | Attr = HS]
      WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 7/12/2008 11:24:30 PM | Attr = ]
      etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 7/10/2008 7:10:19 AM | Attr = ]
      hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 7/10/2008 7:10:19 AM | Attr = ]
      gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Modified Date = 7/12/2008 4:02:13 PM | Attr = ]
      mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 6/28/2008 2:16:36 PM | Attr = ]
      mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Modified Date = 6/28/2008 2:16:40 PM | Attr = ]
      amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 7/12/2008 12:11:02 PM | Attr = ]
      appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Modified Date = 7/10/2008 10:52:44 PM | Attr = ]
      4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
      CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 7/12/2008 12:13:10 PM | Attr = ]
      CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 7/12/2008 12:10:01 PM | Attr = ]
      config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 7/10/2008 7:03:51 AM | Attr = ]
      dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 7/11/2008 6:47:49 AM | Attr = RHS]
      drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 7/12/2008 4:02:13 PM | Attr = ]
      mui -> %SystemRoot%\System32\mui -> [Folder | Modified Date = 7/11/2008 6:47:48 AM | Attr = ]
      nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 7/12/2008 12:11:02 PM | Attr = ]
      Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 6/19/2008 10:44:12 PM | Attr = ]
      wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 6/20/2008 7:00:46 AM | Attr = ]
      wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1170 bytes | Modified Date = 7/13/2008 11:24:47 AM | Attr = ]
      bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 7/13/2008 11:24:04 AM | Attr = S]
      CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 7/7/2008 7:02:09 PM | Attr = HS]
      1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
      Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/30/2008 9:58:23 PM | Attr = S]
      erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 7/12/2008 3:56:26 AM | Attr = ]
      gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 14, 14536 | Size = 884736 bytes | Modified Date = 7/12/2008 4:02:13 PM | Attr = ]
      gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Modified Date = 7/12/2008 11:27:05 PM | Attr = ]
      gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 7/12/2008 4:02:13 PM | Attr = ]
      hpoins11.dat -> %SystemRoot%\hpoins11.dat -> [Ver = | Size = 117132 bytes | Modified Date = 6/20/2008 7:26:56 AM | Attr = ]
      inf -> %SystemRoot%\inf -> [Folder | Modified Date = 7/12/2008 12:12:06 PM | Attr = ]
      Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 7/12/2008 11:09:49 AM | Attr = HS]
      Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 6/21/2008 7:04:51 PM | Attr = ]
      mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 4247 bytes | Modified Date = 6/20/2008 8:12:39 PM | Attr = ]
      Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 7/13/2008 1:42:38 PM | Attr = ]
      QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 6/19/2008 10:43:02 PM | Attr = H ]
      Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 6/20/2008 12:29:34 AM | Attr = ]
      security -> %SystemRoot%\security -> [Folder | Modified Date = 6/20/2008 2:05:25 AM | Attr = ]
      setup.pss -> %SystemRoot%\setup.pss -> [Folder | Modified Date = 7/8/2008 8:15:40 PM | Attr = ]
      setupupd -> %SystemRoot%\setupupd -> [Folder | Modified Date = 7/8/2008 8:15:35 PM | Attr = ]
      Spiderman.INI -> %SystemRoot%\Spiderman.INI -> [Ver = | Size = 604 bytes | Modified Date = 6/20/2008 7:58:03 PM | Attr = ]
      system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 7/10/2008 7:10:29 AM | Attr = ]
      system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 7/12/2008 12:11:15 PM | Attr = ]
      Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 6/29/2008 1:04:00 PM | Attr = S]
      TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 7/13/2008 11:24:35 AM | Attr = ]
      win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 771 bytes | Modified Date = 7/4/2008 1:05:53 PM | Attr = ]
      wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 270 bytes | Modified Date = 6/21/2008 7:03:00 PM | Attr = ]
      AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 7/2/2008 10:32:00 AM | Attr = ]
      SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 7/13/2008 11:24:12 AM | Attr = H ]
      Uniblue SpeedUpMyPC Nag.job -> %SystemRoot%\tasks\Uniblue SpeedUpMyPC Nag.job -> [Ver = | Size = 286 bytes | Modified Date = 7/12/2008 9:21:00 PM | Attr = ]
      Uniblue SpeedUpMyPC.job -> %SystemRoot%\tasks\Uniblue SpeedUpMyPC.job -> [Ver = | Size = 408 bytes | Modified Date = 6/20/2008 8:43:05 PM | Attr = ]
      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 5/6/2003 11:30:30 PM | Attr = ]
      qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 11436 bytes | Modified Date = 6/17/2008 2:15:32 PM | Attr = ]
      qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 11436 bytes | Modified Date = 6/17/2008 2:15:32 PM | Attr = ]
      C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 2/3/2008 11:25:06 PM | Attr = ]
      opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11112 bytes | Modified Date = 5/3/2005 8:56:50 AM | Attr = ]
      opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8476 bytes | Modified Date = 6/12/2008 10:32:36 PM | Attr = ]
      C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data -> [Folder | Modified Date = 5/27/2005 1:33:48 PM | Attr = ]
      data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data\data.dat -> [Ver = | Size = 11904 bytes | Modified Date = 5/27/2005 1:35:35 PM | Attr = ]
      C:\Documents and Settings\Robert Schutz\Local Settings\temp\IXP000.TMP\ -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\IXP000.TMP\ -> [Folder | Modified Date = 7/13/2008 11:26:05 AM | Attr = ]
      ShowMyPC.exe -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\IXP000.TMP\ShowMyPC.exe -> ShowMyPC [Ver = 6.01.0002 | Size = 2293760 bytes | Modified Date = 5/25/2008 7:48:02 PM | Attr = ]
      smpcvc.exe -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\IXP000.TMP\smpcvc.exe -> [Ver = | Size = 36864 bytes | Modified Date = 4/6/2003 1:00:00 AM | Attr = ]
      smvnview.exe -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\IXP000.TMP\smvnview.exe -> TightVNC Group [Ver = 1, 3, 9, 0 | Size = 380928 bytes | Modified Date = 5/7/2007 8:28:56 PM | Attr = ]
      smwinvnc.exe -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\IXP000.TMP\smwinvnc.exe -> TightVNC Group [Ver = 1, 3, 9, 0 | Size = 573440 bytes | Modified Date = 11/5/2007 12:04:14 AM | Attr = ]
      spcplink.exe -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\IXP000.TMP\spcplink.exe -> [Ver = | Size = 651264 bytes | Modified Date = 6/2/2005 3:36:44 PM | Attr = ]
      C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\binaries\ -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\binaries -> [Folder | Modified Date = 7/11/2008 7:19:33 AM | Attr = ]
      ScanningProcess.exe -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\binaries\ScanningProcess.exe -> Kaspersky Lab. [Ver = 5, 0, 1, 86 | Size = 139264 bytes | Modified Date = 7/11/2008 7:19:31 AM | Attr = ]
      C:\Documents and Settings\Robert Schutz\Local Settings\temp\IXP000.TMP\ -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\IXP000.TMP\ -> [Folder | Modified Date = 7/13/2008 11:26:05 AM | Attr = ]
      VNCHooks.dll -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\IXP000.TMP\VNCHooks.dll -> TightVNC Group [Ver = 1, 3, 9, 0 | Size = 77824 bytes | Modified Date = 5/7/2007 8:28:56 PM | Attr = ]
      C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\binaries\ -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\binaries -> [Folder | Modified Date = 7/11/2008 7:19:33 AM | Attr = ]
      FSSync.dll -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\binaries\FSSync.dll -> Kaspersky Lab [Ver = 6.0.5.678 | Size = 38400 bytes | Modified Date = 7/11/2008 7:19:30 AM | Attr = ]
      ikave.dll -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\binaries\ikave.dll -> [Ver = 5, 0, 1, 83 | Size = 65536 bytes | Modified Date = 7/11/2008 7:19:31 AM | Attr = ]
      kave.dll -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\binaries\kave.dll -> Kaspersky Lab. [Ver = 5, 0, 1, 86 | Size = 282624 bytes | Modified Date = 7/11/2008 7:19:31 AM | Attr = ]
      kosglue-7.0.25.0.dll -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\binaries\kosglue-7.0.25.0.dll -> Kaspersky Lab [Ver = 7.0.25.0 | Size = 729152 bytes | Modified Date = 7/11/2008 7:19:32 AM | Attr = ]
      msvcm80.dll -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\binaries\msvcm80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 479232 bytes | Modified Date = 7/11/2008 7:19:30 AM | Attr = ]
      msvcp80.dll -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\binaries\msvcp80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 548864 bytes | Modified Date = 7/11/2008 7:19:32 AM | Attr = ]
      msvcr80.dll -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\binaries\msvcr80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 626688 bytes | Modified Date = 7/11/2008 7:19:32 AM | Attr = ]
      prLoader.dll -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\binaries\prLoader.dll -> Kaspersky Lab [Ver = 6.0.2.678 | Size = 184320 bytes | Modified Date = 7/11/2008 7:19:32 AM | Attr = ]
      prremote.dll -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\binaries\prremote.dll -> Kaspersky Lab [Ver = 6.0.2.678 | Size = 90112 bytes | Modified Date = 7/11/2008 7:19:32 AM | Attr = ]
      C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\engine\bases\ -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\engine\bases -> [Folder | Modified Date = 7/11/2008 7:24:57 AM | Attr = ]
      sfdb.dat -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\engine\bases\sfdb.dat -> [Ver = | Size = 644236 bytes | Modified Date = 7/12/2008 1:50:41 AM | Attr = ]
      C:\Documents and Settings\Robert Schutz\Local Settings\temp\IXP000.TMP\ -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\IXP000.TMP\ -> [Folder | Modified Date = 7/13/2008 11:26:05 AM | Attr = ]
      settings.ini -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\IXP000.TMP\settings.ini -> [Ver = | Size = 49890 bytes | Modified Date = 5/24/2008 8:35:40 AM | Attr = ]
      C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\binaries\ -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\binaries -> [Folder | Modified Date = 7/11/2008 7:19:33 AM | Attr = ]
      _kave.ini -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\binaries\_kave.ini -> [Ver = | Size = 102 bytes | Modified Date = 7/11/2008 7:19:31 AM | Attr = ]
      C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\engine\bases\ -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\engine\bases -> [Folder | Modified Date = 7/11/2008 7:24:57 AM | Attr = ]
      verdicts.ini -> C:\Documents and Settings\Robert Schutz\Local Settings\temp\jkos-Robert Schutz\engine\bases\verdicts.ini -> [Ver = | Size = 4181 bytes | Modified Date = 7/11/2008 7:24:48 AM | Attr = ]

      < End of report >
      [/code]
    • edited July 2008
      rayshoots wrote:
      Sorry to post and then delete... Anyways, this is the last part. Thanks again for all your help.


      No problem, I was just making sure you weren't having difficulties :)

      Please be patient, as you can see that is a lot of info to go through.

      I will be back as soon as I can.