need some help

opiegm29

I need some help to get rid of a bot. Here is my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:11 AM, on 8/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {48675552-6552-4577-9223-9BAE74F38C61} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {854ac8ba-afd3-dd3a-5d9c-cb3d1c3187c1} - (no file)
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP CD-DVD] C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe
O4 - HKLM\..\Run: [HPCDRW Reminder] "C:\Program Files\HP CD-DVD\Webreg\NAVBrowser.exe" /r /i "C:\Program Files\HP CD-DVD\Webreg\NavLoad.ini"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [{3d70c4bd-a99d-232d-49f4-f24bf41f0ba5}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\nwfplnnheo.dll" DllStart
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219247995827
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/J...38/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab70018.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O20 - Winlogon Notify: hgGxUNFy - C:\WINDOWS\
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9771 bytes
 
Hi opiegm29

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.
 
OK, here it is:


OTScanIt logfile created on: 8/26/2008 8:50:48 AM
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\gary curtis\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

319.48 Mb Total Physical Memory | 125.74 Mb Available Physical Memory | 39.36% Memory free
777.00 Mb Paging File | 459.41 Mb Available in Paging File | 59.13% Paging File free
Paging file location(s): C:\pagefile.sys 480 960;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.36 Gb Total Space | 69.31 Gb Free Space | 74.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CJ
Current User Name: gary curtis
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 8:47:02 PM | Attr = ]
calmain.exe -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 2, 0, 1 | Size = 96341 bytes | Modified Date = 3/30/2006 9:15:44 AM | Attr = ]
hpztsb04.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb04.exe -> HP [Ver = 2,80,0,0 | Size = 196608 bytes | Modified Date = 10/22/2001 11:05:45 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 8:47:02 PM | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 8/18/2008 6:41:00 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 8/20/2008 9:44:32 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.232 | Size = 238968 bytes | Modified Date = 2/9/2008 7:06:33 PM | Attr = ]
(CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Running] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 2, 0, 1 | Size = 96341 bytes | Modified Date = 3/30/2006 9:15:44 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 8:47:02 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 8:47:02 PM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 8:47:02 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 7:12:17 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_4.EXE -> Symantec Corporation [Ver = 3.4.1.238 | Size = 3220856 bytes | Modified Date = 8/4/2008 11:20:16 AM | Attr = ]
(LiveUpdate Notice) LiveUpdate Notice [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 8:47:02 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 8/20/2008 9:44:32 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
{3d70c4bd-a99d-232d-49f4-f24bf41f0ba5} -> %SystemRoot%\system32\nwfplnnheo.DLL [C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\nwfplnnheo.dll" DllStart] -> File not found
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 10:16:38 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe [C:\Program Files\Common Files\Symantec Shared\ccApp.exe] -> Symantec Corporation [Ver = 107.0.4.2 | Size = 51048 bytes | Modified Date = 1/25/2008 8:47:22 PM | Attr = ]
HP CD-DVD -> %ProgramFiles%\HP CD-DVD\Umbrella\hpcdtray.exe [C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe] -> Hewlett-Packard Company [Ver = 1.1 | Size = 36864 bytes | Modified Date = 6/19/2001 2:54:48 PM | Attr = ]
HPCDRW Reminder -> %ProgramFiles%\HP CD-DVD\Webreg\NAVBrowser.exe ["C:\Program Files\HP CD-DVD\Webreg\NAVBrowser.exe" /r /i "C:\Program Files\HP CD-DVD\Webreg\NavLoad.ini"] -> Naviant, Inc. [Ver = 1.0.0.15 | Size = 212992 bytes | Modified Date = 3/15/2001 12:48:52 PM | Attr = ]
HPDJ Taskbar Utility -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb04.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe] -> HP [Ver = 2,80,0,0 | Size = 196608 bytes | Modified Date = 10/22/2001 11:05:45 AM | Attr = ]
osCheck -> %ProgramFiles%\Norton AntiVirus\osCheck.exe ["C:\Program Files\Norton AntiVirus\osCheck.exe"] -> Symantec Corporation [Ver = 15.5.0.32 | Size = 718704 bytes | Modified Date = 2/7/2008 1:49:38 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 8/18/2008 6:41:00 PM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< gary curtis Startup Folder > -> C:\Documents and Settings\gary curtis\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
msapsspc.dll schannel.dll digest.dll msnsspc.dll -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 7:12:19 PM | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 7:12:38 PM | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 7:12:24 PM | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 7:12:41 PM | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 1:40:46 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHP_CD-Writer_cd16r______________________OKS1____\5&20ff319f&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomCOMPAQ_DVD-ROM_GD-2000__________________0056____\5&20ff319f&0&0.1.0 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 12/29/2005 4:28:17 PM | Attr = ]
< HOSTS File > (87832 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com/ ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com/ ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://home.peoplepc.com/search ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://cm.my.yahoo.com/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 15, 1 | Size = 878352 bytes | Modified Date = 1/15/2008 11:55:38 AM | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> <local> ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 4751 domain(s) found. ->
44 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 4749 domain(s) found. ->
43 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2008, 1, 15, 1 | Size = 878352 bytes | Modified Date = 1/15/2008 11:55:38 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ]
{48675552-6552-4577-9223-9BAE74F38C61} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:29:16 PM | Attr = ]
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\IDS\IPSBHO.dll [Symantec Intrusion Prevention] -> Symantec Corporation [Ver = 8.2.0.81 | Size = 116088 bytes | Modified Date = 8/20/2008 9:53:39 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ]
{A8FB8EB3-183B-4598-924D-86F0E5E37085} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 15, 1 | Size = 878352 bytes | Modified Date = 1/15/2008 11:55:38 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 15, 1 | Size = 878352 bytes | Modified Date = 1/15/2008 11:55:38 AM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ]
{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}:Exec -> %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [PokerStars] -> PokerStars [Ver = 1.030 | Size = 435088 bytes | Modified Date = 12/29/2007 10:55:04 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:29:16 PM | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Yahoo! Search -> -> File not found
Yahoo! &Dictionary -> -> File not found
Yahoo! &Maps -> -> File not found
Yahoo! &SMS -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0908EA05-1C60-44A2-9AA4-E4CA3F0375CD} -> () ->
{C9BA09FF-4318-46B5-9FF4-6C48F73A8198} -> (3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX)) ->
{E182AF87-E53F-4EB0-9B17-8009DA16BC1A} -> (Belkin Wireless G USB Network Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166}[HKEY_LOCAL_MACHINE] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab[Windows Live Safety Center Base Module] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219538963776[MUWebControl Class] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/StagingUI.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/StagingUI.ocx\\.Owner -> {05D44720-58E3-49E6-BDF6-D00330E511D3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/StagingUI.ocx\\{05D44720-58E3-49E6-BDF6-D00330E511D3} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/StProxy.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/StProxy.dll\\.Owner -> {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/StProxy.dll\\{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/ZBuddy.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/ZBuddy.ocx\\.Owner -> {3BB54395-5982-4788-8AF4-B5388FFDD0D8} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/ZBuddy.ocx\\{3BB54395-5982-4788-8AF4-B5388FFDD0D8} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/ZIntro.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/ZPAChat.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/ZPAChat.ocx\\.Owner -> {5736C456-EA94-4AAC-BB08-917ABDD035B3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/ZPAChat.ocx\\{5736C456-EA94-4AAC-BB08-917ABDD035B3} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/zpa_hrtz.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/zpa_hrtz.ocx\\.Owner -> {95B5D20C-BD31-4489-8ABF-F8C8BE748463} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/zpa_hrtz.ocx\\{95B5D20C-BD31-4489-8ABF-F8C8BE748463} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\\.Owner -> {48DD0448-9209-4F81-9F6D-D83562940134} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\\{48DD0448-9209-4F81-9F6D-D83562940134} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ppcwebi.6.1.3.6.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ppcwebi.6.1.3.6.dll\\.Owner -> {192F9A01-8030-48CE-9BC6-B03DE3E613C6} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ppcwebi.6.1.3.6.dll\\{192F9A01-8030-48CE-9BC6-B03DE3E613C6} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\.Owner -> {5ED80217-570B-4DA9-BF44-BE107C0EC166} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\EA_Sports_ChampionshipBass -> EA_Sports_ChampionshipBass ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\.Owner -> EA_Sports_ChampionshipBass ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\EA_Sports_ChampionshipBass -> EA_Sports_ChampionshipBass ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\.Owner -> EA_Sports_ChampionshipBass ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\EA_Sports_ChampionshipBass -> EA_Sports_ChampionshipBass ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\.Owner -> EA_Sports_ChampionshipBass ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{48DD0448-9209-4F81-9F6D-D83562940134} -> ->
 
Here is the rest:

[Files/Folders - Created Within 30 days]
4609.bat -> %SystemDrive%\4609.bat -> [Ver = | Size = 73 bytes | Created Date = 8/13/2008 4:55:03 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 335073280 bytes | Created Date = 8/22/2008 7:44:56 AM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Created Date = 8/13/2008 4:54:56 PM | Attr = ]
adv01nt5.dll -> %SystemRoot%\System32\drivers\adv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 4255 bytes | Created Date = 8/20/2008 1:50:01 PM | Attr = ]
adv02nt5.dll -> %SystemRoot%\System32\drivers\adv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3967 bytes | Created Date = 8/20/2008 1:50:01 PM | Attr = ]
adv05nt5.dll -> %SystemRoot%\System32\drivers\adv05nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3615 bytes | Created Date = 8/20/2008 1:50:01 PM | Attr = ]
adv07nt5.dll -> %SystemRoot%\System32\drivers\adv07nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3647 bytes | Created Date = 8/20/2008 1:50:02 PM | Attr = ]
adv08nt5.dll -> %SystemRoot%\System32\drivers\adv08nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3135 bytes | Created Date = 8/20/2008 1:50:02 PM | Attr = ]
adv09nt5.dll -> %SystemRoot%\System32\drivers\adv09nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3711 bytes | Created Date = 8/20/2008 1:50:02 PM | Attr = ]
adv11nt5.dll -> %SystemRoot%\System32\drivers\adv11nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3775 bytes | Created Date = 8/20/2008 1:50:02 PM | Attr = ]
amdagp.sys -> %SystemRoot%\System32\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp.080413-2111) | Size = 43008 bytes | Created Date = 8/20/2008 1:50:13 PM | Attr = ]
ati1btxx.sys -> %SystemRoot%\System32\drivers\ati1btxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56623 bytes | Created Date = 8/20/2008 1:50:46 PM | Attr = ]
ati1mdxx.sys -> %SystemRoot%\System32\drivers\ati1mdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 11615 bytes | Created Date = 8/20/2008 1:50:46 PM | Attr = ]
ati1pdxx.sys -> %SystemRoot%\System32\drivers\ati1pdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12047 bytes | Created Date = 8/20/2008 1:50:46 PM | Attr = ]
ati1raxx.sys -> %SystemRoot%\System32\drivers\ati1raxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 30671 bytes | Created Date = 8/20/2008 1:50:46 PM | Attr = ]
ati1rvxx.sys -> %SystemRoot%\System32\drivers\ati1rvxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 63663 bytes | Created Date = 8/20/2008 1:50:46 PM | Attr = ]
ati1snxx.sys -> %SystemRoot%\System32\drivers\ati1snxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 26367 bytes | Created Date = 8/20/2008 1:50:46 PM | Attr = ]
ati1ttxx.sys -> %SystemRoot%\System32\drivers\ati1ttxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 21343 bytes | Created Date = 8/20/2008 1:50:46 PM | Attr = ]
ati1tuxx.sys -> %SystemRoot%\System32\drivers\ati1tuxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 36463 bytes | Created Date = 8/20/2008 1:50:46 PM | Attr = ]
ati1xbxx.sys -> %SystemRoot%\System32\drivers\ati1xbxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 29455 bytes | Created Date = 8/20/2008 1:50:47 PM | Attr = ]
ati1xsxx.sys -> %SystemRoot%\System32\drivers\ati1xsxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 34735 bytes | Created Date = 8/20/2008 1:50:47 PM | Attr = ]
ati2mtaa.sys -> %SystemRoot%\System32\drivers\ati2mtaa.sys -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327040 bytes | Created Date = 8/20/2008 1:50:49 PM | Attr = ]
ati2mtag.sys -> %SystemRoot%\System32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 701440 bytes | Created Date = 8/20/2008 1:50:50 PM | Attr = ]
atinbtxx.sys -> %SystemRoot%\System32\drivers\atinbtxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 57856 bytes | Created Date = 8/20/2008 1:51:01 PM | Attr = ]
atinmdxx.sys -> %SystemRoot%\System32\drivers\atinmdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 8/20/2008 1:51:01 PM | Attr = ]
atinpdxx.sys -> %SystemRoot%\System32\drivers\atinpdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 14336 bytes | Created Date = 8/20/2008 1:51:01 PM | Attr = ]
atinraxx.sys -> %SystemRoot%\System32\drivers\atinraxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 52224 bytes | Created Date = 8/20/2008 1:51:01 PM | Attr = ]
atinrvxx.sys -> %SystemRoot%\System32\drivers\atinrvxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 104960 bytes | Created Date = 8/20/2008 1:51:01 PM | Attr = ]
atinsnxx.sys -> %SystemRoot%\System32\drivers\atinsnxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 28672 bytes | Created Date = 8/20/2008 1:51:02 PM | Attr = ]
atinttxx.sys -> %SystemRoot%\System32\drivers\atinttxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 8/20/2008 1:51:02 PM | Attr = ]
atintuxx.sys -> %SystemRoot%\System32\drivers\atintuxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 73216 bytes | Created Date = 8/20/2008 1:51:02 PM | Attr = ]
atinxbxx.sys -> %SystemRoot%\System32\drivers\atinxbxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 31744 bytes | Created Date = 8/20/2008 1:51:02 PM | Attr = ]
atinxsxx.sys -> %SystemRoot%\System32\drivers\atinxsxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 63488 bytes | Created Date = 8/20/2008 1:51:02 PM | Attr = ]
ativmc20.cod -> %SystemRoot%\System32\drivers\ativmc20.cod -> [Ver = | Size = 64352 bytes | Created Date = 8/20/2008 1:51:03 PM | Attr = ]
atv01nt5.dll -> %SystemRoot%\System32\drivers\atv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 21183 bytes | Created Date = 8/20/2008 1:51:06 PM | Attr = ]
atv02nt5.dll -> %SystemRoot%\System32\drivers\atv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11359 bytes | Created Date = 8/20/2008 1:51:06 PM | Attr = ]
atv04nt5.dll -> %SystemRoot%\System32\drivers\atv04nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Created Date = 8/20/2008 1:51:06 PM | Attr = ]
atv06nt5.dll -> %SystemRoot%\System32\drivers\atv06nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 14143 bytes | Created Date = 8/20/2008 1:51:06 PM | Attr = ]
atv10nt5.dll -> %SystemRoot%\System32\drivers\atv10nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 17279 bytes | Created Date = 8/20/2008 1:51:07 PM | Attr = ]
ch7xxnt5.dll -> %SystemRoot%\System32\drivers\ch7xxnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 15423 bytes | Created Date = 8/20/2008 1:51:34 PM | Attr = ]
core.cache(10).dsk -> %SystemRoot%\System32\drivers\core.cache(10).dsk -> [Ver = | Size = 167976 bytes | Created Date = 8/13/2008 4:55:25 PM | Attr = ]
core.cache(11).dsk -> %SystemRoot%\System32\drivers\core.cache(11).dsk -> [Ver = | Size = 167976 bytes | Created Date = 8/13/2008 4:55:25 PM | Attr = ]
core.cache(12).dsk -> %SystemRoot%\System32\drivers\core.cache(12).dsk -> [Ver = | Size = 167976 bytes | Created Date = 8/13/2008 4:55:25 PM | Attr = ]
core.cache(13).dsk -> %SystemRoot%\System32\drivers\core.cache(13).dsk -> [Ver = | Size = 167976 bytes | Created Date = 8/13/2008 4:55:25 PM | Attr = ]
core.cache(14).dsk -> %SystemRoot%\System32\drivers\core.cache(14).dsk -> [Ver = | Size = 167976 bytes | Created Date = 8/13/2008 4:55:25 PM | Attr = ]
core.cache(15).dsk -> %SystemRoot%\System32\drivers\core.cache(15).dsk -> [Ver = | Size = 167976 bytes | Created Date = 8/13/2008 4:55:25 PM | Attr = ]
core.cache(16).dsk -> %SystemRoot%\System32\drivers\core.cache(16).dsk -> [Ver = | Size = 167976 bytes | Created Date = 8/13/2008 4:55:25 PM | Attr = ]
core.cache(17).dsk -> %SystemRoot%\System32\drivers\core.cache(17).dsk -> [Ver = | Size = 167976 bytes | Created Date = 8/13/2008 4:55:25 PM | Attr = ]
core.cache(18).dsk -> %SystemRoot%\System32\drivers\core.cache(18).dsk -> [Ver = | Size = 167976 bytes | Created Date = 8/13/2008 4:55:25 PM | Attr = ]
core.cache(19).dsk -> %SystemRoot%\System32\drivers\core.cache(19).dsk -> [Ver = | Size = 167976 bytes | Created Date = 8/13/2008 4:55:25 PM | Attr = ]
core.cache(2).dsk -> %SystemRoot%\System32\drivers\core.cache(2).dsk -> [Ver = | Size = 167976 bytes | Created Date = 8/13/2008 4:55:25 PM | Attr = ]
core.cache(20).dsk -> %SystemRoot%\System32\drivers\core.cache(20).dsk -> [Ver = | Size = 167976 bytes | Created Date = 8/13/2008 4:55:25 PM | Attr = ]
core.cache(21).dsk -> %SystemRoot%\System32\drivers\core.cache(21).dsk -> [Ver = | Size = 167976 bytes | Created Date = 8/13/2008 4:55:25 PM | Attr = ]
core.cache(3).dsk -> %SystemRoot%\System32\drivers\core.cache(3).dsk -> [Ver = | Size = 167976 bytes | Created Date = 8/13/2008 4:55:25 PM | Attr = ]
core.cache(4).dsk -> %SystemRoot%\System32\drivers\core.cache(4).dsk -> [Ver = | Size = 167976 bytes | Created Date = 8/13/2008 4:55:25 PM | Attr = ]
core.cache(5).dsk -> %SystemRoot%\System32\drivers\core.cache(5).dsk -> [Ver = | Size = 167976 bytes | Created Date = 8/13/2008 4:55:25 PM | Attr = ]
core.cache(6).dsk -> %SystemRoot%\System32\drivers\core.cache(6).dsk -> [Ver = | Size = 167976 bytes | Created Date = 8/13/2008 4:55:25 PM | Attr = ]
core.cache(7).dsk -> %SystemRoot%\System32\drivers\core.cache(7).dsk -> [Ver = | Size = 167976 bytes | Created Date = 8/13/2008 4:55:25 PM | Attr = ]
core.cache(8).dsk -> %SystemRoot%\System32\drivers\core.cache(8).dsk -> [Ver = | Size = 167976 bytes | Created Date = 8/13/2008 4:55:25 PM | Attr = ]
core.cache(9).dsk -> %SystemRoot%\System32\drivers\core.cache(9).dsk -> [Ver = | Size = 167976 bytes | Created Date = 8/13/2008 4:55:25 PM | Attr = ]
cxthsfs2.cty -> %SystemRoot%\System32\drivers\cxthsfs2.cty -> [Ver = | Size = 129045 bytes | Created Date = 8/20/2008 1:52:24 PM | Attr = ]
drvmcdb.sys -> %SystemRoot%\System32\drivers\drvmcdb.sys -> VERITAS Software, Inc. [Ver = 3.20.83b | Size = 75136 bytes | Created Date = 8/13/2008 11:55:02 AM | Attr = ]
drvnddm.sys -> %SystemRoot%\System32\drivers\drvnddm.sys -> VERITAS Software, Inc. [Ver = 2.55.99a | Size = 38752 bytes | Created Date = 8/13/2008 11:55:02 AM | Attr = ]
hdaudbus.sys -> %SystemRoot%\System32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Created Date = 8/20/2008 1:54:51 PM | Attr = ]
hpcd2k.sys -> %SystemRoot%\System32\drivers\hpcd2k.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1 | Size = 4421 bytes | Created Date = 8/13/2008 11:55:30 AM | Attr = ]
hsfbs2s2.sys -> %SystemRoot%\System32\drivers\hsfbs2s2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 220032 bytes | Created Date = 8/20/2008 1:55:03 PM | Attr = ]
hsfcxts2.sys -> %SystemRoot%\System32\drivers\hsfcxts2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Created Date = 8/20/2008 1:55:04 PM | Attr = ]
hsfdpsp2.sys -> %SystemRoot%\System32\drivers\hsfdpsp2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Created Date = 8/20/2008 1:55:06 PM | Attr = ]
mdmxsdk.sys -> %SystemRoot%\System32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 11868 bytes | Created Date = 8/20/2008 1:59:22 PM | Attr = ]
mtlmnt5.sys -> %SystemRoot%\System32\drivers\mtlmnt5.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 126686 bytes | Created Date = 8/20/2008 2:03:19 PM | Attr = ]
mtlstrm.sys -> %SystemRoot%\System32\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Created Date = 8/20/2008 2:03:20 PM | Attr = ]
mtxparhm.sys -> %SystemRoot%\System32\drivers\mtxparhm.sys -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 452736 bytes | Created Date = 8/20/2008 2:03:28 PM | Attr = ]
netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img -> [Ver = | Size = 67866 bytes | Created Date = 8/20/2008 2:03:52 PM | Attr = ]
ntmtlfax.sys -> %SystemRoot%\System32\drivers\ntmtlfax.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 180360 bytes | Created Date = 8/20/2008 2:04:33 PM | Attr = ]
nv4_mini.sys -> %SystemRoot%\System32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Created Date = 8/20/2008 2:04:55 PM | Attr = ]
recagent.sys -> %SystemRoot%\System32\drivers\recagent.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13776 bytes | Created Date = 8/20/2008 2:06:34 PM | Attr = ]
s3gnbm.sys -> %SystemRoot%\System32\drivers\s3gnbm.sys -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 166912 bytes | Created Date = 8/20/2008 2:06:50 PM | Attr = ]
siint5.dll -> %SystemRoot%\System32\drivers\siint5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3901 bytes | Created Date = 8/20/2008 2:07:44 PM | Attr = ]
sisagp.sys -> %SystemRoot%\System32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp.080413-2111) | Size = 40960 bytes | Created Date = 8/20/2008 2:07:44 PM | Attr = ]
slnt7554.sys -> %SystemRoot%\System32\drivers\slnt7554.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 129535 bytes | Created Date = 8/20/2008 2:07:49 PM | Attr = ]
slntamr.sys -> %SystemRoot%\System32\drivers\slntamr.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 404990 bytes | Created Date = 8/20/2008 2:07:49 PM | Attr = ]
slnthal.sys -> %SystemRoot%\System32\drivers\slnthal.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 95424 bytes | Created Date = 8/20/2008 2:07:50 PM | Attr = ]
slwdmsup.sys -> %SystemRoot%\System32\drivers\slwdmsup.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13240 bytes | Created Date = 8/20/2008 2:07:51 PM | Attr = ]
sscdbhk5.sys -> %SystemRoot%\System32\drivers\sscdbhk5.sys -> VERITAS Software, Inc. [Ver = 1.10.30b | Size = 5248 bytes | Created Date = 8/13/2008 11:55:02 AM | Attr = ]
ssrtln.sys -> %SystemRoot%\System32\drivers\ssrtln.sys -> VERITAS Software, Inc. [Ver = 1.10.30b | Size = 22912 bytes | Created Date = 8/13/2008 11:55:00 AM | Attr = ]
SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [Ver = | Size = 10671 bytes | Created Date = 8/20/2008 7:17:33 PM | Attr = ]
SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Created Date = 8/20/2008 7:17:32 PM | Attr = ]
SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.4.1 | Size = 123952 bytes | Created Date = 8/20/2008 9:25:05 PM | Attr = ]
vchnt5.dll -> %SystemRoot%\System32\drivers\vchnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11325 bytes | Created Date = 8/20/2008 2:10:11 PM | Attr = ]
wadv07nt.sys -> %SystemRoot%\System32\drivers\wadv07nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11807 bytes | Created Date = 8/20/2008 2:10:23 PM | Attr = ]
wadv08nt.sys -> %SystemRoot%\System32\drivers\wadv08nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11295 bytes | Created Date = 8/20/2008 2:10:23 PM | Attr = ]
wadv09nt.sys -> %SystemRoot%\System32\drivers\wadv09nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11871 bytes | Created Date = 8/20/2008 2:10:24 PM | Attr = ]
wadv11nt.sys -> %SystemRoot%\System32\drivers\wadv11nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11935 bytes | Created Date = 8/20/2008 2:10:24 PM | Attr = ]
watv06nt.sys -> %SystemRoot%\System32\drivers\watv06nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 22271 bytes | Created Date = 8/20/2008 2:10:25 PM | Attr = ]
watv10nt.sys -> %SystemRoot%\System32\drivers\watv10nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Created Date = 8/20/2008 2:10:25 PM | Attr = ]
ati2cqag.dll -> %SystemRoot%\System32\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0233 | Size = 229376 bytes | Created Date = 8/20/2008 1:50:47 PM | Attr = ]
ati2dvaa.dll -> %SystemRoot%\System32\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Created Date = 8/20/2008 1:50:48 PM | Attr = ]
ati2dvag.dll -> %SystemRoot%\System32\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 201728 bytes | Created Date = 8/20/2008 1:50:49 PM | Attr = ]
ati3d1ag.dll -> %SystemRoot%\System32\ati3d1ag.dll -> ATI Technologies Inc. [Ver = 6.14.10.4071 | Size = 870784 bytes | Created Date = 8/20/2008 1:50:51 PM | Attr = ]
ati3duag.dll -> %SystemRoot%\System32\ati3duag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0231 | Size = 1888992 bytes | Created Date = 8/20/2008 1:50:56 PM | Attr = ]
ativdaxx.ax -> %SystemRoot%\System32\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 9728 bytes | Created Date = 8/20/2008 1:51:03 PM | Attr = ]
ativmvxx.ax -> %SystemRoot%\System32\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 23040 bytes | Created Date = 8/20/2008 1:51:03 PM | Attr = ]
ativtmxx.dll -> %SystemRoot%\System32\ativtmxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 32768 bytes | Created Date = 8/20/2008 1:51:03 PM | Attr = ]
ativvaxx.dll -> %SystemRoot%\System32\ativvaxx.dll -> ATI Technologies Inc. [Ver = 6.14.01.0009 | Size = 516768 bytes | Created Date = 8/20/2008 1:51:03 PM | Attr = ]
bits -> %SystemRoot%\System32\bits -> [Folder | Created Date = 8/20/2008 5:43:11 PM | Attr = ]
dla -> %SystemRoot%\System32\dla -> [Folder | Created Date = 8/13/2008 11:54:59 AM | Attr = ]
en -> %SystemRoot%\System32\en -> [Folder | Created Date = 8/20/2008 5:43:15 PM | Attr = ]
fin2 -> %SystemRoot%\System32\fin2 -> [Folder | Created Date = 8/13/2008 4:55:10 PM | Attr = ]
fx -> %SystemRoot%\System32\fx -> [Folder | Created Date = 8/13/2008 4:55:10 PM | Attr = ]
gps -> %SystemRoot%\System32\gps -> [Folder | Created Date = 8/13/2008 4:55:10 PM | Attr = ]
hsfcisp2.dll -> %SystemRoot%\System32\hsfcisp2.dll -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 32285 bytes | Created Date = 8/20/2008 1:55:04 PM | Attr = ]
mdmxsdk.dll -> %SystemRoot%\System32\mdmxsdk.dll -> Conexant [Ver = 1.0.2.006 | Size = 86016 bytes | Created Date = 8/20/2008 1:59:22 PM | Attr = ]
mtxparhd.dll -> %SystemRoot%\System32\mtxparhd.dll -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 1737856 bytes | Created Date = 8/20/2008 2:03:24 PM | Attr = ]
nv4_disp.dll -> %SystemRoot%\System32\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 4274816 bytes | Created Date = 8/20/2008 2:04:46 PM | Attr = ]
pid.inf -> %SystemRoot%\System32\pid.inf -> [Ver = | Size = 1261 bytes | Created Date = 8/20/2008 1:55:31 PM | Attr = ]
ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Created Date = 8/20/2008 4:47:51 PM | Attr = ]
S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.4.2 | Size = 60800 bytes | Created Date = 8/20/2008 9:25:07 PM | Attr = ]
s3gnb.dll -> %SystemRoot%\System32\s3gnb.dll -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 397056 bytes | Created Date = 8/20/2008 2:06:49 PM | Attr = ]
scripting -> %SystemRoot%\System32\scripting -> [Folder | Created Date = 8/20/2008 5:43:25 PM | Attr = ]
slcoinst.dll -> %SystemRoot%\System32\slcoinst.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 73832 bytes | Created Date = 8/20/2008 2:07:47 PM | Attr = ]
slextspk.dll -> %SystemRoot%\System32\slextspk.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 286792 bytes | Created Date = 8/20/2008 2:07:47 PM | Attr = ]
slgen.dll -> %SystemRoot%\System32\slgen.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 188508 bytes | Created Date = 8/20/2008 2:07:48 PM | Attr = ]
slrundll.exe -> %SystemRoot%\System32\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 8/20/2008 2:07:51 PM | Attr = ]
slserv.exe -> %SystemRoot%\System32\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Created Date = 8/20/2008 2:07:51 PM | Attr = ]
tfswapi.dll -> %SystemRoot%\System32\tfswapi.dll -> VERITAS Software, Inc. [Ver = 1.02.27b | Size = 45108 bytes | Created Date = 8/13/2008 11:55:00 AM | Attr = ]
vbzip10.dll -> %SystemRoot%\System32\vbzip10.dll -> Info-ZIP [Ver = 2.3 | Size = 147456 bytes | Created Date = 8/13/2008 4:58:30 PM | Attr = ]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Created Date = 8/20/2008 4:25:07 PM | Attr = H ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
dla.exe -> %SystemRoot%\dla.exe -> VERITAS Software, Inc. [Ver = 1.02.27b | Size = 86064 bytes | Created Date = 8/13/2008 11:55:00 AM | Attr = ]
EHome -> %SystemRoot%\EHome -> [Folder | Created Date = 8/20/2008 4:24:52 PM | Attr = ]
l2schemas -> %SystemRoot%\l2schemas -> [Folder | Created Date = 8/20/2008 5:43:21 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 8/20/2008 6:22:14 PM | Attr = ]
R2FyeSBNY2ZhZGRlbg -> %SystemRoot%\R2FyeSBNY2ZhZGRlbg -> [Folder | Created Date = 8/13/2008 4:55:47 PM | Attr = HS]
rouz -> %SystemRoot%\rouz -> [Folder | Created Date = 8/14/2008 8:02:07 PM | Attr = ]
ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Created Date = 8/20/2008 5:16:18 PM | Attr = ]
slrundll.exe -> %SystemRoot%\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 8/20/2008 2:07:51 PM | Attr = ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Created Date = 8/24/2008 6:14:18 PM | Attr = H ]
Norton AntiVirus - Run Full System Scan - gary curtis.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - gary curtis.job -> [Ver = | Size = 568 bytes | Created Date = 8/20/2008 10:11:59 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
15eeea04324f88761f9ddaa2e687 -> %SystemDrive%\15eeea04324f88761f9ddaa2e687 -> [Folder | Modified Date = 8/23/2008 11:14:42 PM | Attr = ]
4609.bat -> %SystemDrive%\4609.bat -> [Ver = | Size = 73 bytes | Modified Date = 8/13/2008 4:55:03 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 8/25/2008 5:23:36 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 335073280 bytes | Modified Date = 8/26/2008 6:35:53 AM | Attr = HS]
ntldr -> %SystemDrive%\ntldr -> [Ver = | Size = 250048 bytes | Modified Date = 8/20/2008 4:55:53 PM | Attr = RHS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/24/2008 6:09:19 PM | Attr = R ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 8/21/2008 10:40:19 PM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 8/23/2008 11:33:36 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/25/2008 6:23:39 PM | Attr = ]
coh_mon.cat -> %SystemRoot%\System32\drivers\coh_mon.cat -> [Ver = | Size = 10537 bytes | Modified Date = 7/30/2008 5:28:04 PM | Attr = ]
COH_Mon.inf -> %SystemRoot%\System32\drivers\COH_Mon.inf -> [Ver = | Size = 706 bytes | Modified Date = 7/30/2008 5:28:04 PM | Attr = ]
COH_Mon.sys -> %SystemRoot%\System32\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,4,10 | Size = 23888 bytes | Modified Date = 7/30/2008 5:42:12 PM | Attr = ]
core.cache(10).dsk -> %SystemRoot%\System32\drivers\core.cache(10).dsk -> [Ver = | Size = 167976 bytes | Modified Date = 8/13/2008 4:55:26 PM | Attr = ]
core.cache(11).dsk -> %SystemRoot%\System32\drivers\core.cache(11).dsk -> [Ver = | Size = 167976 bytes | Modified Date = 8/13/2008 4:55:26 PM | Attr = ]
core.cache(12).dsk -> %SystemRoot%\System32\drivers\core.cache(12).dsk -> [Ver = | Size = 167976 bytes | Modified Date = 8/13/2008 4:55:26 PM | Attr = ]
core.cache(13).dsk -> %SystemRoot%\System32\drivers\core.cache(13).dsk -> [Ver = | Size = 167976 bytes | Modified Date = 8/13/2008 4:55:26 PM | Attr = ]
core.cache(14).dsk -> %SystemRoot%\System32\drivers\core.cache(14).dsk -> [Ver = | Size = 167976 bytes | Modified Date = 8/13/2008 4:55:26 PM | Attr = ]
core.cache(15).dsk -> %SystemRoot%\System32\drivers\core.cache(15).dsk -> [Ver = | Size = 167976 bytes | Modified Date = 8/13/2008 4:55:26 PM | Attr = ]
core.cache(16).dsk -> %SystemRoot%\System32\drivers\core.cache(16).dsk -> [Ver = | Size = 167976 bytes | Modified Date = 8/13/2008 4:55:26 PM | Attr = ]
core.cache(17).dsk -> %SystemRoot%\System32\drivers\core.cache(17).dsk -> [Ver = | Size = 167976 bytes | Modified Date = 8/13/2008 4:55:26 PM | Attr = ]
core.cache(18).dsk -> %SystemRoot%\System32\drivers\core.cache(18).dsk -> [Ver = | Size = 167976 bytes | Modified Date = 8/13/2008 4:55:26 PM | Attr = ]
core.cache(19).dsk -> %SystemRoot%\System32\drivers\core.cache(19).dsk -> [Ver = | Size = 167976 bytes | Modified Date = 8/13/2008 4:55:26 PM | Attr = ]
core.cache(2).dsk -> %SystemRoot%\System32\drivers\core.cache(2).dsk -> [Ver = | Size = 167976 bytes | Modified Date = 8/13/2008 4:55:26 PM | Attr = ]
core.cache(20).dsk -> %SystemRoot%\System32\drivers\core.cache(20).dsk -> [Ver = | Size = 167976 bytes | Modified Date = 8/13/2008 4:55:26 PM | Attr = ]
core.cache(21).dsk -> %SystemRoot%\System32\drivers\core.cache(21).dsk -> [Ver = | Size = 167976 bytes | Modified Date = 8/13/2008 4:55:26 PM | Attr = ]
core.cache(3).dsk -> %SystemRoot%\System32\drivers\core.cache(3).dsk -> [Ver = | Size = 167976 bytes | Modified Date = 8/13/2008 4:55:26 PM | Attr = ]
core.cache(4).dsk -> %SystemRoot%\System32\drivers\core.cache(4).dsk -> [Ver = | Size = 167976 bytes | Modified Date = 8/13/2008 4:55:26 PM | Attr = ]
core.cache(5).dsk -> %SystemRoot%\System32\drivers\core.cache(5).dsk -> [Ver = | Size = 167976 bytes | Modified Date = 8/13/2008 4:55:26 PM | Attr = ]
core.cache(6).dsk -> %SystemRoot%\System32\drivers\core.cache(6).dsk -> [Ver = | Size = 167976 bytes | Modified Date = 8/13/2008 4:55:26 PM | Attr = ]
core.cache(7).dsk -> %SystemRoot%\System32\drivers\core.cache(7).dsk -> [Ver = | Size = 167976 bytes | Modified Date = 8/13/2008 4:55:26 PM | Attr = ]
core.cache(8).dsk -> %SystemRoot%\System32\drivers\core.cache(8).dsk -> [Ver = | Size = 167976 bytes | Modified Date = 8/13/2008 4:55:26 PM | Attr = ]
core.cache(9).dsk -> %SystemRoot%\System32\drivers\core.cache(9).dsk -> [Ver = | Size = 167976 bytes | Modified Date = 8/13/2008 4:55:26 PM | Attr = ]
etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 8/22/2008 10:22:08 AM | Attr = ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 87832 bytes | Modified Date = 8/22/2008 6:38:32 PM | Attr = R ]
hosts.20080822-102208.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080822-102208.backup -> [Ver = | Size = 259874 bytes | Modified Date = 8/21/2008 10:20:15 PM | Attr = R ]
SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [Ver = | Size = 10671 bytes | Modified Date = 8/25/2008 5:09:38 PM | Attr = ]
SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Modified Date = 8/25/2008 5:09:37 PM | Attr = ]
SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.4.1 | Size = 123952 bytes | Modified Date = 8/25/2008 5:09:35 PM | Attr = ]
bits -> %SystemRoot%\System32\bits -> [Folder | Modified Date = 8/20/2008 5:43:12 PM | Attr = ]
CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 8/20/2008 6:14:44 PM | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 8/26/2008 6:42:56 AM | Attr = ]
Com -> %SystemRoot%\System32\Com -> [Folder | Modified Date = 8/20/2008 5:14:45 PM | Attr = ]
config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 8/18/2008 8:40:41 AM | Attr = ]
dla -> %SystemRoot%\System32\dla -> [Folder | Modified Date = 8/13/2008 11:55:02 AM | Attr = ]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 8/21/2008 1:22:32 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 8/25/2008 5:16:06 PM | Attr = ]
en -> %SystemRoot%\System32\en -> [Folder | Modified Date = 8/20/2008 5:43:15 PM | Attr = ]
en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 8/20/2008 5:43:32 PM | Attr = ]
fin2 -> %SystemRoot%\System32\fin2 -> [Folder | Modified Date = 8/13/2008 4:55:10 PM | Attr = ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 115768 bytes | Modified Date = 8/20/2008 6:20:36 PM | Attr = ]
fx -> %SystemRoot%\System32\fx -> [Folder | Modified Date = 8/22/2008 7:50:38 PM | Attr = ]
gps -> %SystemRoot%\System32\gps -> [Folder | Modified Date = 8/22/2008 7:51:04 PM | Attr = ]
npp -> %SystemRoot%\System32\npp -> [Folder | Modified Date = 8/20/2008 5:15:25 PM | Attr = ]
oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 8/20/2008 5:10:55 PM | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 40196 bytes | Modified Date = 8/20/2008 6:28:02 PM | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 311934 bytes | Modified Date = 8/20/2008 6:28:02 PM | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 356120 bytes | Modified Date = 8/20/2008 6:27:59 PM | Attr = ]
ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 8/20/2008 4:48:22 PM | Attr = ]
Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 8/20/2008 5:15:26 PM | Attr = ]
S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.4.2 | Size = 60800 bytes | Modified Date = 8/25/2008 5:09:34 PM | Attr = ]
scripting -> %SystemRoot%\System32\scripting -> [Folder | Modified Date = 8/20/2008 5:43:26 PM | Attr = ]
Setup -> %SystemRoot%\System32\Setup -> [Folder | Modified Date = 8/20/2008 6:20:04 PM | Attr = ]
usmt -> %SystemRoot%\System32\usmt -> [Folder | Modified Date = 8/20/2008 5:43:31 PM | Attr = ]
vbzip10.dll -> %SystemRoot%\System32\vbzip10.dll -> Info-ZIP [Ver = 2.3 | Size = 147456 bytes | Modified Date = 8/13/2008 4:58:30 PM | Attr = ]
wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 8/20/2008 6:20:02 PM | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 8/26/2008 6:38:19 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 8/21/2008 8:02:05 AM | Attr = H ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 8/20/2008 4:46:34 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 8/20/2008 6:20:04 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/26/2008 6:37:49 AM | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 8/20/2008 8:26:04 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 8/23/2008 11:41:18 PM | Attr = S]
EHome -> %SystemRoot%\EHome -> [Folder | Modified Date = 8/20/2008 4:24:52 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 8/23/2008 11:08:46 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 8/23/2008 8:24:30 PM | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 8/20/2008 9:36:38 AM | Attr = ]
ime -> %SystemRoot%\ime -> [Folder | Modified Date = 8/20/2008 5:46:43 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 8/21/2008 1:23:40 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/25/2008 5:16:01 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/25/2008 5:19:11 PM | Attr = HS]
l2schemas -> %SystemRoot%\l2schemas -> [Folder | Modified Date = 8/20/2008 5:43:23 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 7/29/2008 8:35:52 PM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 8/20/2008 5:15:19 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 8/20/2008 5:46:45 PM | Attr = ]
pchealth -> %SystemRoot%\pchealth -> [Folder | Modified Date = 8/24/2008 6:09:20 PM | Attr = ]
PeerNet -> %SystemRoot%\PeerNet -> [Folder | Modified Date = 8/20/2008 5:43:11 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/26/2008 8:49:41 AM | Attr = ]
R2FyeSBNY2ZhZGRlbg -> %SystemRoot%\R2FyeSBNY2ZhZGRlbg -> [Folder | Modified Date = 8/22/2008 6:37:30 PM | Attr = HS]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 8/23/2008 7:15:22 PM | Attr = ]
rouz -> %SystemRoot%\rouz -> [Folder | Modified Date = 8/14/2008 8:02:31 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 8/20/2008 6:18:44 PM | Attr = ]
ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Modified Date = 8/20/2008 5:47:13 PM | Attr = ]
srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 8/20/2008 5:15:08 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 8/20/2008 5:10:40 PM | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 8/25/2008 4:43:15 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 8/26/2008 6:47:29 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 8/26/2008 8:47:21 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 764 bytes | Modified Date = 8/23/2008 11:23:58 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 18547 bytes | Modified Date = 8/19/2008 7:14:00 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 8/24/2008 6:09:48 PM | Attr = ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 8/26/2008 6:47:30 AM | Attr = H ]
Norton AntiVirus - Run Full System Scan - gary curtis.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - gary curtis.job -> [Ver = | Size = 568 bytes | Modified Date = 8/25/2008 8:35:50 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/26/2008 6:39:24 AM | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 5/20/2006 11:52:42 AM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6776 bytes | Modified Date = 8/24/2008 6:12:55 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5527 bytes | Modified Date = 8/24/2008 6:12:55 PM | Attr = ]
C:\Documents and Settings\gary curtis\Local Settings\Temp\ -> C:\Documents and Settings\gary curtis\Local Settings\Temp -> [Folder | Modified Date = 8/26/2008 8:45:26 AM | Attr = ]
_is1.exe -> C:\Documents and Settings\gary curtis\Local Settings\Temp\_is1.exe -> Macrovision Corporation [Ver = 12.0.58849 | Size = 455600 bytes | Modified Date = 1/19/2007 2:46:42 PM | Attr = R ]
_is2.exe -> C:\Documents and Settings\gary curtis\Local Settings\Temp\_is2.exe -> Macrovision Corporation [Ver = 12.0.58849 | Size = 455600 bytes | Modified Date = 1/19/2007 2:46:42 PM | Attr = R ]
33 C:\Documents and Settings\gary curtis\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\gary curtis\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\gary curtis\Local Settings\Temp\VIES2BB8\ -> C:\Documents and Settings\gary curtis\Local Settings\Temp\VIES2BB8 -> [Folder | Modified Date = 8/13/2008 11:53:50 AM | Attr = ]
Ins9XMsi.exe -> C:\Documents and Settings\gary curtis\Local Settings\Temp\VIES2BB8\Ins9XMsi.exe -> Microsoft Corporation [Ver = 1.20.1827.0 | Size = 1507584 bytes | Modified Date = 6/8/2001 2:00:00 AM | Attr = R ]
InsNTMsi.exe -> C:\Documents and Settings\gary curtis\Local Settings\Temp\VIES2BB8\InsNTMsi.exe -> Microsoft Corporation [Ver = 1.20.1827.0 | Size = 1520896 bytes | Modified Date = 6/8/2001 2:00:00 AM | Attr = R ]
Setup.exe -> C:\Documents and Settings\gary curtis\Local Settings\Temp\VIES2BB8\Setup.exe -> [Ver = 1, 0, 0, 1 | Size = 172032 bytes | Modified Date = 6/8/2001 2:00:00 AM | Attr = R ]
C:\Documents and Settings\gary curtis\Local Settings\Temp\{6C45862A-F7AD-48F4-8A2A-FC4B4D4AF431}\ -> C:\Documents and Settings\gary curtis\Local Settings\Temp\{6C45862A-F7AD-48F4-8A2A-FC4B4D4AF431} -> [Folder | Modified Date = 7/23/2008 6:18:32 PM | Attr = ]
ISSetup.dll -> C:\Documents and Settings\gary curtis\Local Settings\Temp\{6C45862A-F7AD-48F4-8A2A-FC4B4D4AF431}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.58851 | Size = 492032 bytes | Modified Date = 4/5/2007 1:36:12 AM | Attr = R ]
_Setup.dll -> C:\Documents and Settings\gary curtis\Local Settings\Temp\{6C45862A-F7AD-48F4-8A2A-FC4B4D4AF431}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 385968 bytes | Modified Date = 5/16/2006 10:21:04 PM | Attr = R ]
C:\Documents and Settings\gary curtis\Local Settings\Temp\{F475BE0A-9A3E-477F-ADEB-1EB352964E98}\ -> C:\Documents and Settings\gary curtis\Local Settings\Temp\{F475BE0A-9A3E-477F-ADEB-1EB352964E98} -> [Folder | Modified Date = 7/23/2008 9:04:44 PM | Attr = ]
ISSetup.dll -> C:\Documents and Settings\gary curtis\Local Settings\Temp\{F475BE0A-9A3E-477F-ADEB-1EB352964E98}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.58851 | Size = 492032 bytes | Modified Date = 4/5/2007 1:36:12 AM | Attr = R ]
_Setup.dll -> C:\Documents and Settings\gary curtis\Local Settings\Temp\{F475BE0A-9A3E-477F-ADEB-1EB352964E98}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 385968 bytes | Modified Date = 5/16/2006 10:21:04 PM | Attr = R ]
C:\Documents and Settings\gary curtis\Local Settings\Temp\VIES2BB8\ -> C:\Documents and Settings\gary curtis\Local Settings\Temp\VIES2BB8 -> [Folder | Modified Date = 8/13/2008 11:53:50 AM | Attr = ]
mfc42.dll -> C:\Documents and Settings\gary curtis\Local Settings\Temp\VIES2BB8\mfc42.dll -> Microsoft Corporation [Ver = 6.00.8267.0 | Size = 995383 bytes | Modified Date = 6/8/2001 2:00:00 AM | Attr = R ]
msvcrt.dll -> C:\Documents and Settings\gary curtis\Local Settings\Temp\VIES2BB8\msvcrt.dll -> Microsoft Corporation [Ver = 6.00.8337.0 | Size = 266293 bytes | Modified Date = 6/8/2001 2:00:00 AM | Attr = R ]
C:\Documents and Settings\gary curtis\Local Settings\Temp\VIES2BB8\ -> C:\Documents and Settings\gary curtis\Local Settings\Temp\VIES2BB8 -> [Folder | Modified Date = 8/13/2008 11:53:50 AM | Attr = ]
Setup.ini -> C:\Documents and Settings\gary curtis\Local Settings\Temp\VIES2BB8\Setup.ini -> [Ver = | Size = 643 bytes | Modified Date = 6/13/2001 1:23:30 PM | Attr = R ]
urldata.ini -> C:\Documents and Settings\gary curtis\Local Settings\Temp\VIES2BB8\urldata.ini -> [Ver = | Size = 154 bytes | Modified Date = 6/13/2001 2:01:00 AM | Attr = R ]

< End of report >
[/code]
 
Open OTScanIt.

Paste the text below into "Paste Fix here" (upper right corner)

Code:
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> {3d70c4bd-a99d-232d-49f4-f24bf41f0ba5} -> %SystemRoot%\system32\nwfplnnheo.DLL [C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\nwfplnnheo.dll" DllStart]

[Files/Folders - Created Within 30 days]
NY -> core.cache(10).dsk -> %SystemRoot%\System32\drivers\core.cache(10).dsk
NY -> core.cache(11).dsk -> %SystemRoot%\System32\drivers\core.cache(11).dsk
NY -> core.cache(12).dsk -> %SystemRoot%\System32\drivers\core.cache(12).dsk
NY -> core.cache(13).dsk -> %SystemRoot%\System32\drivers\core.cache(13).dsk
NY -> core.cache(14).dsk -> %SystemRoot%\System32\drivers\core.cache(14).dsk
NY -> core.cache(15).dsk -> %SystemRoot%\System32\drivers\core.cache(15).dsk
NY -> core.cache(16).dsk -> %SystemRoot%\System32\drivers\core.cache(16).dsk
NY -> core.cache(17).dsk -> %SystemRoot%\System32\drivers\core.cache(17).dsk
NY -> core.cache(18).dsk -> %SystemRoot%\System32\drivers\core.cache(18).dsk
NY -> core.cache(19).dsk -> %SystemRoot%\System32\drivers\core.cache(19).dsk
NY -> core.cache(2).dsk -> %SystemRoot%\System32\drivers\core.cache(2).dsk
NY -> core.cache(20).dsk -> %SystemRoot%\System32\drivers\core.cache(20).dsk
NY -> core.cache(21).dsk -> %SystemRoot%\System32\drivers\core.cache(21).dsk
NY -> core.cache(3).dsk -> %SystemRoot%\System32\drivers\core.cache(3).dsk
NY -> core.cache(4).dsk -> %SystemRoot%\System32\drivers\core.cache(4).dsk
NY -> core.cache(5).dsk -> %SystemRoot%\System32\drivers\core.cache(5).dsk
NY -> core.cache(6).dsk -> %SystemRoot%\System32\drivers\core.cache(6).dsk
NY -> core.cache(7).dsk -> %SystemRoot%\System32\drivers\core.cache(7).dsk
NY -> core.cache(8).dsk -> %SystemRoot%\System32\drivers\core.cache(8).dsk
NY -> core.cache(9).dsk -> %SystemRoot%\System32\drivers\core.cache(9).dsk
NY -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> R2FyeSBNY2ZhZGRlbg -> %SystemRoot%\R2FyeSBNY2ZhZGRlbg
[Files/Folders - Modified Within 30 days]
NY -> core.cache(10).dsk -> %SystemRoot%\System32\drivers\core.cache(10).dsk
NY -> core.cache(11).dsk -> %SystemRoot%\System32\drivers\core.cache(11).dsk
NY -> core.cache(12).dsk -> %SystemRoot%\System32\drivers\core.cache(12).dsk
NY -> core.cache(13).dsk -> %SystemRoot%\System32\drivers\core.cache(13).dsk
NY -> core.cache(14).dsk -> %SystemRoot%\System32\drivers\core.cache(14).dsk
NY -> core.cache(15).dsk -> %SystemRoot%\System32\drivers\core.cache(15).dsk
NY -> core.cache(16).dsk -> %SystemRoot%\System32\drivers\core.cache(16).dsk
NY -> core.cache(17).dsk -> %SystemRoot%\System32\drivers\core.cache(17).dsk
NY -> core.cache(18).dsk -> %SystemRoot%\System32\drivers\core.cache(18).dsk
NY -> core.cache(19).dsk -> %SystemRoot%\System32\drivers\core.cache(19).dsk
NY -> core.cache(2).dsk -> %SystemRoot%\System32\drivers\core.cache(2).dsk
NY -> core.cache(20).dsk -> %SystemRoot%\System32\drivers\core.cache(20).dsk
NY -> core.cache(21).dsk -> %SystemRoot%\System32\drivers\core.cache(21).dsk
NY -> core.cache(3).dsk -> %SystemRoot%\System32\drivers\core.cache(3).dsk
NY -> core.cache(4).dsk -> %SystemRoot%\System32\drivers\core.cache(4).dsk
NY -> core.cache(5).dsk -> %SystemRoot%\System32\drivers\core.cache(5).dsk
NY -> core.cache(6).dsk -> %SystemRoot%\System32\drivers\core.cache(6).dsk
NY -> core.cache(7).dsk -> %SystemRoot%\System32\drivers\core.cache(7).dsk
NY -> core.cache(8).dsk -> %SystemRoot%\System32\drivers\core.cache(8).dsk
NY -> core.cache(9).dsk -> %SystemRoot%\System32\drivers\core.cache(9).dsk
NY -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> R2FyeSBNY2ZhZGRlbg -> %SystemRoot%\R2FyeSBNY2ZhZGRlbg

Click Run Fix

If it doesn't run the scan automatically, click Run Scan

Post back a fresh OTScanIt log, please.
 
here ya go

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\{3d70c4bd-a99d-232d-49f4-f24bf41f0ba5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d70c4bd-a99d-232d-49f4-f24bf41f0ba5}\ not found.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\System32\drivers\core.cache(10).dsk moved successfully.
C:\WINDOWS\System32\drivers\core.cache(11).dsk moved successfully.
C:\WINDOWS\System32\drivers\core.cache(12).dsk moved successfully.
C:\WINDOWS\System32\drivers\core.cache(13).dsk moved successfully.
C:\WINDOWS\System32\drivers\core.cache(14).dsk moved successfully.
C:\WINDOWS\System32\drivers\core.cache(15).dsk moved successfully.
C:\WINDOWS\System32\drivers\core.cache(16).dsk moved successfully.
C:\WINDOWS\System32\drivers\core.cache(17).dsk moved successfully.
C:\WINDOWS\System32\drivers\core.cache(18).dsk moved successfully.
C:\WINDOWS\System32\drivers\core.cache(19).dsk moved successfully.
C:\WINDOWS\System32\drivers\core.cache(2).dsk moved successfully.
C:\WINDOWS\System32\drivers\core.cache(20).dsk moved successfully.
C:\WINDOWS\System32\drivers\core.cache(21).dsk moved successfully.
C:\WINDOWS\System32\drivers\core.cache(3).dsk moved successfully.
C:\WINDOWS\System32\drivers\core.cache(4).dsk moved successfully.
C:\WINDOWS\System32\drivers\core.cache(5).dsk moved successfully.
C:\WINDOWS\System32\drivers\core.cache(6).dsk moved successfully.
C:\WINDOWS\System32\drivers\core.cache(7).dsk moved successfully.
C:\WINDOWS\System32\drivers\core.cache(8).dsk moved successfully.
C:\WINDOWS\System32\drivers\core.cache(9).dsk moved successfully.
C:\WINDOWS\R2FyeSBNY2ZhZGRlbg folder moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\drivers\core.cache(10).dsk not found!
File C:\WINDOWS\System32\drivers\core.cache(11).dsk not found!
File C:\WINDOWS\System32\drivers\core.cache(12).dsk not found!
File C:\WINDOWS\System32\drivers\core.cache(13).dsk not found!
File C:\WINDOWS\System32\drivers\core.cache(14).dsk not found!
File C:\WINDOWS\System32\drivers\core.cache(15).dsk not found!
File C:\WINDOWS\System32\drivers\core.cache(16).dsk not found!
File C:\WINDOWS\System32\drivers\core.cache(17).dsk not found!
File C:\WINDOWS\System32\drivers\core.cache(18).dsk not found!
File C:\WINDOWS\System32\drivers\core.cache(19).dsk not found!
File C:\WINDOWS\System32\drivers\core.cache(2).dsk not found!
File C:\WINDOWS\System32\drivers\core.cache(20).dsk not found!
File C:\WINDOWS\System32\drivers\core.cache(21).dsk not found!
File C:\WINDOWS\System32\drivers\core.cache(3).dsk not found!
File C:\WINDOWS\System32\drivers\core.cache(4).dsk not found!
File C:\WINDOWS\System32\drivers\core.cache(5).dsk not found!
File C:\WINDOWS\System32\drivers\core.cache(6).dsk not found!
File C:\WINDOWS\System32\drivers\core.cache(7).dsk not found!
File C:\WINDOWS\System32\drivers\core.cache(8).dsk not found!
File C:\WINDOWS\System32\drivers\core.cache(9).dsk not found!
File C:\WINDOWS\R2FyeSBNY2ZhZGRlbgClick Run Fix not found!
< End of fix log >
OTScanIt by OldTimer - Version 1.0.16.2 fix logfile created on 08262008_094303
 
Looks better :)

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post contents of that file in your next reply along with a fresh HijackThis log.
 
here is the mbam-log

Malwarebytes' Anti-Malware 1.25
Database version: 1088
Windows 5.1.2600 Service Pack 3

7:06:01 PM 8/26/2008
mbam-log-08-26-2008 (19-06-01).txt

Scan type: Full Scan (C:\|)
Objects scanned: 97707
Time elapsed: 9 hour(s), 9 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{3d70c4bd-a99d-232d-49f4-f24bf41f0ba5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{27B61D1E-F92C-4C01-BB01-A3738F3B5422}\RP796\A0176077.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27B61D1E-F92C-4C01-BB01-A3738F3B5422}\RP796\A0176082.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27B61D1E-F92C-4C01-BB01-A3738F3B5422}\RP796\A0176085.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27B61D1E-F92C-4C01-BB01-A3738F3B5422}\RP796\A0176087.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27B61D1E-F92C-4C01-BB01-A3738F3B5422}\RP796\A0176093.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27B61D1E-F92C-4C01-BB01-A3738F3B5422}\RP796\A0176095.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27B61D1E-F92C-4C01-BB01-A3738F3B5422}\RP796\A0176106.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27B61D1E-F92C-4C01-BB01-A3738F3B5422}\RP796\A0176107.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27B61D1E-F92C-4C01-BB01-A3738F3B5422}\RP796\A0176151.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27B61D1E-F92C-4C01-BB01-A3738F3B5422}\RP796\A0176156.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27B61D1E-F92C-4C01-BB01-A3738F3B5422}\RP796\A0176182.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27B61D1E-F92C-4C01-BB01-A3738F3B5422}\RP796\A0176183.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27B61D1E-F92C-4C01-BB01-A3738F3B5422}\RP798\A0183542.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27B61D1E-F92C-4C01-BB01-A3738F3B5422}\RP798\A0183552.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27B61D1E-F92C-4C01-BB01-A3738F3B5422}\RP798\A0183743.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27B61D1E-F92C-4C01-BB01-A3738F3B5422}\RP798\A0183808.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27B61D1E-F92C-4C01-BB01-A3738F3B5422}\RP798\A0183809.dll (Trojan.BHO) -> Quarantined and deleted successfully.
 
here is hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:31 PM, on 8/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {48675552-6552-4577-9223-9BAE74F38C61} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP CD-DVD] C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe
O4 - HKLM\..\Run: [HPCDRW Reminder] "C:\Program Files\HP CD-DVD\Webreg\NAVBrowser.exe" /r /i "C:\Program Files\HP CD-DVD\Webreg\NavLoad.ini"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219538963776
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8008 bytes
 
Some leftovers there; we will get rid of them next.

Before that, do you have any malware problems left?
 
Right-click this link and save to Desktop.

Double-click securitycenterrestore.reg, click Yes and OK.

Reboot.

Let me know if it works now.
 