
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:49:37 PM, on 2/29/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/?cookieattempt=1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: RDL Rolex - {6027FDCA-AE2C-438B-8535-3A96C154F97C} - C:\WINDOWS\dgtxrdfqnt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: ekvgsnw - {7EB9F20D-11C7-4D4C-828A-A29F010BD259} - C:\WINDOWS\ekvgsnw.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab

O21 - SSODL: alofkmn - {E87CFF78-9AB1-441A-9FB1-8D2D3601E92C} - C:\WINDOWS\alofkmn.dll

O21 - SSODL: bxlrvps - {69AB84BB-A95E-46ED-8628-C202B887B621} - C:\WINDOWS\bxlrvps.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

 

--

End of file - 9605 bytes


Please download WinPFind35u.exe

Save to your Desktop

Double-click on it to extract the files.

It creates a folder named WinPFind35u on your desktop.

 

Now, close all other windows

  • Open the WinPFind35u folder
  • Double-click on WinPFind35U.exe to start the program
  • In the Drivers section click on Non-Microsoft
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button
  • Let the program run unhindered until it finishes.
  • When the scan is completed, Notepad opens with a report

You need to provide the WinPFind35 report in your reply.

 

~~~~

Next, download SDFix

Save it to the Desktop

Right-click SDFix.zip, and select: Extract all…

Follow the prompts

 

Double click SDFix.exe

In the prompt that appears, select: Install

The program is normally installed in: C:\SDFix

 

~~~~

Start the computer in Safe Mode:

  • When the machine starts, tap the F8 key before Windows appears
  • You are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Press Enter to boot into Safe Mode.
~~~~

Now, go to C:\SDFix, and double click RunThis.bat

Type Y to begin the cleanup process.

The process removes any trojans or Registry Entries found, and then prompts you to press any key to Reboot.

 

Press any key to restart the PC.

When the PC restarts, SDFix will run again and complete the removal process.

It then displays Finished

Press any key to end the script and load the Desktop icons.

 

Once the Desktop icons load, the SDFix report opens on screen and also saves itself in the SDFix folder as Report.txt.

 

~~~~

Run HijackThis once again to obtain a new log.

 

~~~~

Please post the contents of the WinPFind35 report, the SDFix Report.txt, and a new HijackThis log.


SDFix: Version 1.149

 

Run by Rebecca Farris on Fri 02/29/2008 at 08:38 PM

 

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\REBECC~1\Desktop\SDFix\SDFix

 

Checking Services :

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Restoring Default HomePage Value

Restoring Default Desktop Components Value

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS\alofkmn.dll - Deleted

C:\WINDOWS\bxlrvps.dll - Deleted

C:\WINDOWS\dat.txt - Deleted

C:\WINDOWS\ekvgsnw.dll - Deleted

C:\WINDOWS\fkxvkns.exe - Deleted

C:\WINDOWS\rs.txt - Deleted

C:\WINDOWS\DGTXRD~1.DLL - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-29 20:45:21

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

Remaining Files :

 

 

File Backups: - C:\DOCUME~1\REBECC~1\Desktop\SDFix\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Tue 3 May 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Thu 7 Dec 2006 72,704 ..SHR --- "C:\Program Files\On Hand Software\Brain Games 3\Setup.exe"

Wed 30 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Sat 28 Jun 2003 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"

Tue 21 Jan 2003 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg_old.reg"

Tue 21 Jan 2003 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient_old.reg"

Sat 28 Jun 2003 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"

Tue 3 May 2005 4,348 ...H. --- "C:\Documents and Settings\Rebecca Farris\My Documents\My Music\License Backup\drmv1key.bak"

Mon 14 Aug 2006 20 A..H. --- "C:\Documents and Settings\Rebecca Farris\My Documents\My Music\License Backup\drmv1lic.bak"

Tue 30 May 2006 400 A.SH. --- "C:\Documents and Settings\Rebecca Farris\My Documents\My Music\License Backup\drmv2key.bak"


Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBF4.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBF5.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBF6.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBF7.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBF8.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBF9.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBFA.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBFB.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBFC.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBFD.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBFE.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBFF.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC00.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC01.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC02.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC03.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC04.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC05.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC06.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC07.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC08.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC09.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC0A.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC0B.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC0C.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC0D.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC0E.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC0F.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC10.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC11.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC12.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC13.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC14.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC15.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC16.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC17.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC18.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC19.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC1A.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC1B.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC1C.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC1D.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC1E.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC1F.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC20.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC21.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC22.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC23.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC24.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC25.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC26.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC27.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC28.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC29.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC2A.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC2B.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC2C.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC2D.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC2E.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC2F.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC30.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC31.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC32.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC33.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC34.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC35.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC36.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC37.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC38.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC39.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC3A.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC3B.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC3C.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC3D.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC3E.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC3F.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC40.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC41.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC42.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC43.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC44.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC45.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC46.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC47.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC48.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC49.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC4A.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC4B.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC4C.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC4D.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC4E.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC4F.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC50.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC51.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC52.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC53.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC54.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC55.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC56.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC57.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC58.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC59.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC5A.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC5B.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC5C.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC5D.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC5E.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC5F.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC60.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC61.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC62.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC63.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC64.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC65.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC66.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC67.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC68.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC69.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC6A.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC6B.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC6C.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC6D.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC6E.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC6F.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC70.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC71.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC72.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC73.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC74.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC75.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC76.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC77.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC78.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC79.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC7A.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC7B.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC7C.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC7D.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC7E.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC7F.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC80.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC81.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC82.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC83.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC84.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC85.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC86.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC87.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC88.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC89.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC8A.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC8B.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC8C.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC8D.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC8E.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC8F.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC90.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC91.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC92.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC93.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC94.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC95.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC96.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LO


Please post all the information requested:

The WinPFind35 report

SDFix report.txt

 

It may take more than one post to provide the information. If so, just do consecutive posts, one after the other.

 

Thank you!



Sorry about that, here you go.

WinPFind35 logfile created on: 2/29/2008 8:10:55 PM

WinPFind35U Version 1.0.2.2 Folder = C:\Documents and Settings\Rebecca Farris\Desktop\WinPFind35u

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

510.48 Mb Total Physical Memory | 116.37 Mb Available Physical Memory | 22.80% Memory free

862.30 Mb Paging File | 417.26 Mb Available in Paging File | 48.39% Paging File free

Paging file location(s): C:\pagefile.sys 384 768;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.84 Gb Total Space | 47.31 Gb Free Space | 84.72% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: D24XP921

Current User Name: Rebecca Farris

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

 

[Processes - Non-Microsoft Only]

bcmsmmsg.exe -> %SystemRoot%\BCMSMMSG.exe -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 8/29/2003 3:59:24 AM | Attr = ]

ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 1.0.10.006 | Size = 54296 bytes | Modified Date = 12/2/2003 4:11:04 PM | Attr = ]

aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.166 | Size = 100032 bytes | Modified Date = 5/15/2006 5:24:33 PM | Attr = ]

hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr = ]

ctsysvol.exe -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.4.2.0 | Size = 57344 bytes | Modified Date = 2/15/2005 3:10:16 PM | Attr = ]

zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr = ]

ctdetect.exe -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 5:23:34 PM | Attr = ]

ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 1.03.4 | Size = 317128 bytes | Modified Date = 11/13/2002 4:44:02 PM | Attr = ]

ctsvccda.exe -> %SystemRoot%\SYSTEM32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 7:01:00 PM | Attr = ]

dkservice.exe -> %ProgramFiles%\Diskeeper Corporation\Diskeeper\DkService.exe -> Diskeeper Corporation [Ver = 12.0.758.0 | Size = 1094936 bytes | Modified Date = 10/16/2007 7:04:12 PM | Attr = ]

navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 9.05.1015 | Size = 116336 bytes | Modified Date = 11/14/2002 7:41:26 PM | Attr = ]

hpzipm12.exe -> %SystemRoot%\SYSTEM32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 5 | Size = 69632 bytes | Modified Date = 3/2/2006 7:49:14 PM | Attr = ]

sdhelp.exe -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2026 | Size = 895088 bytes | Modified Date = 11/6/2006 9:53:19 AM | Attr = ]

vsmon.exe -> %SystemRoot%\SYSTEM32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr = ]

symwsc.exe -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 4:59:50 PM | Attr = ]

swdoctor.exe -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 4.0.0.2621 | Size = 2115728 bytes | Modified Date = 12/13/2006 6:56:50 AM | Attr = ]

winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.2.2 | Size = 310784 bytes | Modified Date = 2/28/2008 2:42:00 PM | Attr = ]

 

[Win32 Services - Non-Microsoft Only]

(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.166 | Size = 100032 bytes | Modified Date = 5/15/2006 5:24:33 PM | Attr = ]

(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 1.03.4 | Size = 317128 bytes | Modified Date = 11/13/2002 4:44:02 PM | Attr = ]

(ccPwdSvc) Symantec Password Validation Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 1.0.10.006 | Size = 99352 bytes | Modified Date = 12/2/2003 4:11:14 PM | Attr = ]

(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 7:01:00 PM | Attr = ]

(Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> %ProgramFiles%\Diskeeper Corporation\Diskeeper\DkService.exe -> Diskeeper Corporation [Ver = 12.0.758.0 | Size = 1094936 bytes | Modified Date = 10/16/2007 7:04:12 PM | Attr = ]

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 1:56:48 AM | Attr = ]

(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 8/26/2007 5:04:19 AM | Attr = ]

(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.166 | Size = 2086592 bytes | Modified Date = 5/15/2006 5:24:33 PM | Attr = ]

(navapsvc) Norton AntiVirus Auto Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 9.05.1015 | Size = 116336 bytes | Modified Date = 11/14/2002 7:41:26 PM | Attr = ]

(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Running] -> -> File not found

(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBServ.exe -> Symantec Corporation [Ver = 1, 1, 0, 126 | Size = 54408 bytes | Modified Date = 8/13/2001 11:18:36 PM | Attr = ]

(SDhelper) PC Tools Spyware Doctor [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2026 | Size = 895088 bytes | Modified Date = 11/6/2006 9:53:19 AM | Attr = ]

(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 4/5/2005 10:17:22 AM | Attr = ]

(SymWSC) SymWMI Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 4:59:50 PM | Attr = ]

(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr = ]

 

[Driver Services - Non-Microsoft Only]

(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found

(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 4/1/2002 1:15:00 PM | Attr = ]

(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ALIIDE.SYS -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 1:51:56 PM | Attr = ]

(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 12:07:42 AM | Attr = ]

(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC.SYS -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 1:52:00 PM | Attr = ]

(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC3550.SYS -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 1:51:58 PM | Attr = ]

(Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\aspi32.sys -> Adaptec [Ver = 4.60 (1021) | Size = 25244 bytes | Modified Date = 9/10/1999 6:06:00 AM | Attr = ]

(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found

(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\bcm4sbxp.sys -> Broadcom Corporation [Ver = 3.48.0.0 built by: WinDDK | Size = 41728 bytes | Modified Date = 9/19/2002 7:44:02 AM | Attr = ]

(BCMModem) BCM V.92 56K Modem [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\BCMSM.sys -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:05:01 | Size = 1101696 bytes | Modified Date = 8/29/2003 3:59:24 AM | Attr = ]

(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] -> -> File not found

(Changer) Changer [Kernel | System | Stopped] -> -> File not found

(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CMDIDE.SYS -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 1:51:54 PM | Attr = ]

(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ctsfm2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1081-2.04.0050 | Size = 138752 bytes | Modified Date = 1/9/2005 8:15:24 PM | Attr = R ]

(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DAC2W2K.SYS -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 1:52:16 PM | Attr = ]

(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 12:07:17 AM | Attr = ]

(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 12:07:16 AM | Attr = ]

(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DMLOAD.SYS -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]

(EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\EL90XBC5.SYS -> 3Com Corporation [Ver = 4.05.00.0000 | Size = 66591 bytes | Modified Date = 8/17/2001 12:11:06 PM | Attr = ]

(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HPZid412.sys -> HP [Ver = 9, 0, 0, 0 | Size = 51120 bytes | Modified Date = 12/14/2004 10:07:44 AM | Attr = R ]

(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HPZipr12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 16496 bytes | Modified Date = 12/14/2004 10:07:44 AM | Attr = R ]

(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HPZius12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 21744 bytes | Modified Date = 12/14/2004 10:07:44 AM | Attr = R ]

(i81x) i81x [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\i81xnt5.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 161020 bytes | Modified Date = 8/3/2004 11:29:36 PM | Attr = ]

(iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv01nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 12415 bytes | Modified Date = 8/3/2004 11:29:37 PM | Attr = ]

(iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv02nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 12127 bytes | Modified Date = 8/3/2004 11:29:37 PM | Attr = ]

(iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv05nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 11775 bytes | Modified Date = 8/3/2004 11:29:37 PM | Attr = ]

(iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wsiintxx.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 12063 bytes | Modified Date = 8/3/2004 11:29:47 PM | Attr = ]

(iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wvchntxx.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 19455 bytes | Modified Date = 8/3/2004 11:29:49 PM | Attr = ]

(iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv01nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 29311 bytes | Modified Date = 8/3/2004 11:29:41 PM | Attr = ]

(iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv02nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 19551 bytes | Modified Date = 8/3/2004 11:29:42 PM | Attr = ]

(iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wATV03nt.sys -> File not found

(iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv04nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 33599 bytes | Modified Date = 8/3/2004 11:29:43 PM | Attr = ]

(iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wch7xxnt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 23615 bytes | Modified Date = 8/3/2004 11:29:45 PM | Attr = ]

(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4342 | Size = 807998 bytes | Modified Date = 10/19/2005 7:59:12 AM | Attr = ]

(ikhfile) File Security Kernel Anti-Spyware Driver [File_System | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ikhfile.sys -> PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2014 | Size = 30592 bytes | Modified Date = 7/10/2006 3:38:38 PM | Attr = ]

(ikhlayer) Kernel Anti-Spyware Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ikhlayer.sys -> PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2011 | Size = 51072 bytes | Modified Date = 8/24/2006 10:40:36 AM | Attr = ]

(KLIF) KLIF [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Modified Date = 7/19/2007 3:10:28 PM | Attr = ]

(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found

(MCSTRM) MCSTRM [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mcstrm.sys -> RealNetworks, Inc. [Ver = 5.0.2195.8 | Size = 8413 bytes | Modified Date = 3/3/2005 6:29:27 PM | Attr = ]

(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 1:52:12 PM | Attr = ]

(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080227.003\NAVENG.SYS -> Symantec Corporation [Ver = 20071.4.2.10 | Size = 82256 bytes | Modified Date = 2/20/2008 3:00:00 AM | Attr = ]

(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080227.003\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.4.2.10 | Size = 895376 bytes | Modified Date = 2/20/2008 3:00:00 AM | Attr = ]

(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 11:29:54 PM | Attr = ]

(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 318, 0 | Size = 17153 bytes | Modified Date = 7/19/2002 10:22:08 AM | Attr = ]

(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ctoss2k.sys -> Creative Technology Ltd. [Ver = 5.12.01.1081-2.04.0050 | Size = 106496 bytes | Modified Date = 1/9/2005 8:15:30 PM | Attr = R ]

(P17) Sound Blaster Audigy [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\P17.sys -> Creative Technology Ltd. [Ver = 5.12.01.512 | Size = 1389056 bytes | Modified Date = 7/6/2005 6:14:30 PM | Attr = R ]

(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found

(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found

(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found

(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found

(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\PTILINK.SYS -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]

(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 8/15/2007 4:33:10 PM | Attr = ]

(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1080.SYS -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 1:52:20 PM | Attr = ]

(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL12160.SYS -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 1:52:20 PM | Attr = ]

(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1280.SYS -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 1:52:18 PM | Attr = ]

(SAVRT) SAVRT [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\SAVRT.SYS -> Symantec Corporation [Ver = 9.0.2.1 | Size = 235744 bytes | Modified Date = 9/18/2003 1:47:48 PM | Attr = ]

(SAVRTPEL) SAVRTPEL [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\SAVRTPEL.SYS -> Symantec Corporation [Ver = 9.0.2.1 | Size = 35552 bytes | Modified Date = 9/18/2003 1:47:56 PM | Attr = ]

(SDDMI2) SDDMI2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DDMI2.sys -> Gteko Ltd. [Ver = 1, 0, 0, 7 | Size = 6977 bytes | Modified Date = 6/9/2004 8:29:56 AM | Attr = ]

(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 4:25:53 AM | Attr = ]

(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found

(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 12:07:42 AM | Attr = ]

(smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3515 | Size = 545208 bytes | Modified Date = 8/5/2002 9:23:58 AM | Attr = ]

(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 2:07:44 PM | Attr = ]

(srescan) srescan [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\ZoneLabs\srescan.sys -> Zone Labs, LLC [Ver = 5, 0, 187, 0 | Size = 51176 bytes | Modified Date = 10/18/2007 8:18:44 PM | Attr = ]

(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC810.SYS -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 2:07:34 PM | Attr = ]

(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC8XX.SYS -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 2:07:36 PM | Attr = ]

(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.6.8.1 | Size = 124016 bytes | Modified Date = 9/15/2006 9:52:12 PM | Attr = ]

(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symredrv.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 17976 bytes | Modified Date = 4/5/2005 10:17:00 AM | Attr = ]

(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symtdi.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 267192 bytes | Modified Date = 4/5/2005 10:17:02 AM | Attr = ]

(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_HI.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 2:07:40 PM | Attr = ]

(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_U3.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 2:07:42 PM | Attr = ]

(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ULTRA.SYS -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 1:52:22 PM | Attr = ]

(vsdatant) vsdatant [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 394952 bytes | Modified Date = 11/14/2007 4:05:16 PM | Attr = ]

(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wanatw4.sys -> File not found

(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found

({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) Driver [Kernel | System | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmsbw.sys -> Intel Corporation [Ver = 6.13.01.3162 | Size = 90784 bytes | Modified Date = 6/21/2002 6:45:48 PM | Attr = ]

({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmkchw.sys -> Intel Corporation [Ver = 6.13.01.3162 | Size = 69792 bytes | Modified Date = 6/21/2002 6:45:58 PM | Attr = ]

[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

BCMSMMSG -> %SystemRoot%\BCMSMMSG.exe -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 8/29/2003 3:59:24 AM | Attr = ]

ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 1.0.10.006 | Size = 54296 bytes | Modified Date = 12/2/2003 4:11:04 PM | Attr = ]

ccRegVfy -> %CommonProgramFiles%\Symantec Shared\ccRegVfy.exe -> Symantec Corporation [Ver = 1.0.10.006 | Size = 58392 bytes | Modified Date = 12/2/2003 4:11:12 PM | Attr = ]

CTSysVol -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.4.2.0 | Size = 57344 bytes | Modified Date = 2/15/2005 3:10:16 PM | Attr = ]

HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr = ]

IgfxTray -> %SystemRoot%\SYSTEM32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 155648 bytes | Modified Date = 10/19/2005 7:59:14 AM | Attr = ]

P17Helper -> %SystemRoot%\SYSTEM32\P17.dll -> [Ver = 1.0.1.41 | Size = 64512 bytes | Modified Date = 5/2/2005 9:38:42 PM | Attr = R ]

PC Pitstop Optimize Scheduler -> %ProgramFiles%\PCPitstop\Optimize\PCPOptimize.exe -> PC Pitstop, LLC. [Ver = 1.5.12.1 | Size = 2577120 bytes | Modified Date = 10/26/2007 3:53:18 PM | Attr = ]

RegistryMechanic -> -> File not found

Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 100056 bytes | Modified Date = 4/30/2005 10:42:55 AM | Attr = ]

UpdReg -> %SystemRoot%\Updreg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 5/11/2000 | Attr = ]

ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr = ]

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

Creative Detector -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 5:23:34 PM | Attr = ]

updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 3:45:08 PM | Attr = R ]

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->

%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 9:05:26 PM | Attr = ]

< Rebecca Farris Startup Folder > -> C:\Documents and Settings\Rebecca Farris\Start Menu\Programs\Startup ->

< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->

{E87CFF78-9AB1-441A-9FB1-8D2D3601E92C} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\alofkmn.dll [alofkmn] -> [Ver = 1, 0, 0, 1 | Size = 282624 bytes | Modified Date = 2/29/2008 11:58:48 AM | Attr = ]

{69AB84BB-A95E-46ED-8628-C202B887B621} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\bxlrvps.dll [bxlrvps] -> [Ver = | Size = 339968 bytes | Modified Date = 2/29/2008 11:58:48 AM | Attr = ]

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->

igfxcui -> %SystemRoot%\SYSTEM32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.4342 | Size = 348160 bytes | Modified Date = 10/19/2005 7:59:14 AM | Attr = ]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 1 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 2 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\Wallpaper -> 2‘| ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->

< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->

HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://red.clientapps.yahoo.com/customize/...rch/search.html ->

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->

HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->

HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->

HKEY_CURRENT_USER\: Main\\Start Page -> http://www6.comcast.net/a/?cookieattempt=1 ->

HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] ->

HKEY_CURRENT_USER\: ProxyEnable -> 0 ->

HKEY_CURRENT_USER\: ProxyOverride -> http://localhost ->

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->

1 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->

{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 3:16:42 AM | Attr = ]

{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.6.0.2071 | Size = 825528 bytes | Modified Date = 8/1/2006 1:27:06 PM | Attr = ]

{6027FDCA-AE2C-438B-8535-3A96C154F97C} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\dgtxrdfqnt.dll [RDL Rolex] -> [Ver = | Size = 221184 bytes | Modified Date = 2/29/2008 11:58:50 AM | Attr = ]

{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 10:55:32 PM | Attr = R ]

{B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Modified Date = 8/1/2006 1:23:12 PM | Attr = ]

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->

{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 10:55:32 PM | Attr = R ]

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Norton AntiVirus] -> File not found

{7EB9F20D-11C7-4D4C-828A-A29F010BD259} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\ekvgsnw.dll [ekvgsnw] -> [Ver = | Size = 172032 bytes | Modified Date = 2/29/2008 11:58:54 AM | Attr = ]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->

ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Norton AntiVirus] -> File not found

WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 10:55:32 PM | Attr = R ]

WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Norton AntiVirus] -> File not found

WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}:{A1EDC4A1-940F-48E0-8DFD-E38F1D501021} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [spyware Doctor] -> PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Modified Date = 8/1/2006 1:23:12 PM | Attr = ]

{4528BBE0-4E08-11D5-AD55-00010333D0AD}:{4C171D40-8277-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0411.dll [Messenger] -> Yahoo! Inc. [Ver = 2003, 4, 11, 1 | Size = 296120 bytes | Modified Date = 1/26/2004 6:51:02 PM | Attr = ]

{669B269B-0D4E-41FB-A3D8-FD67CA94F646}:Exec -> [ComcastHSI] -> File not found

{8828075D-D097-4055-AA02-2DBFA9D85E8A}:Exec -> [support] -> File not found

{97809617-3937-4F84-B335-9BB05EF1A8D4}:Exec -> [Help] -> File not found

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->

CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [spyware Doctor] -> PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Modified Date = 8/1/2006 1:23:12 PM | Attr = ]

CmdMapping\\{307D80B7-6553-42FB-9C99-19841353B4F0} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0411.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2003, 4, 11, 1 | Size = 296120 bytes | Modified Date = 1/26/2004 6:51:02 PM | Attr = ]

CmdMapping\\{669B269B-0D4E-41FB-A3D8-FD67CA94F646} [HKEY_LOCAL_MACHINE] -> [ComcastHSI] -> File not found

CmdMapping\\{8828075D-D097-4055-AA02-2DBFA9D85E8A} [HKEY_LOCAL_MACHINE] -> [support] -> File not found

CmdMapping\\{97809617-3937-4F84-B335-9BB05EF1A8D4} [HKEY_LOCAL_MACHINE] -> [Help] -> File not found

CmdMapping\\{C21AE3DD-2E97-406B-8C87-A9AD5BBD49D1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->

PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->

PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->

{9BED7DBF-3840-4714-B711-0F0F61F787FC} -> (Broadcom 440x 10/100 Integrated Controller) ->

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->

ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found

msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab[QuickTime Plugin Control] ->

{0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[PCPitstop Utility] ->

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll[YInstStarter Class] ->

{33564D57-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab[Reg Error: Key does not exist or could not be opened.] ->

{9732FB42-C321-11D1-836F-00A0C993F125}[HKEY_LOCAL_MACHINE] -> http://www.pcpitstop.com/mhLbl.cab[mhLabel Class] ->

{9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/...7667.4810300926[Reg Error: Key does not exist or could not be opened.] ->

{D0C0F75C-683A-4390-A791-1ACFD5599AB8}[HKEY_LOCAL_MACHINE] -> http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab[Oberon Flash Game Host] ->

{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/7/E...04/clearadj.cab[CTAdjust Class] ->

DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->

Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->

[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableRemoteConnect -> Y ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 ->

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->

msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 1:56:43 AM | Attr = ]

*MultiFile Done* -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->

kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 11:49:30 AM | Attr = ]

msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 1:56:43 AM | Attr = ]

schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 8:21:15 AM | Attr = ]

wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 10:37:50 PM | Attr = ]

*MultiFile Done* -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 700 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->

scecli -> %SystemRoot%\SYSTEM32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr = ]

*MultiFile Done* -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->

Windows NT Access Provider -> -> File not found

*MultiFile Done* -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr = ]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa&


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:52:25 PM, on 2/29/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

 

--

End of file - 9120 bytes


Please download Malwarebytes' Anti-Malware (MBAM)

Save the program to the Desktop

Close all windows, including this one. (Print the instructions first)

On the Desktop, double-click mbam-setup.exe to install the program, and follow the prompts

  • If an update is found, MBAM will download and install the latest.
  • Click OK

At the main program window:

  • Make sure the following is checked: Perform Quick Scan
  • Click: Scan
  • When the scan completes, a message box appears as shown in the image below:

    Posted Image

  • Click OK

At the main Scanner screen:

  • Click on: Show Results
  • A screen displaying the malware found shows as seen in the image below. (Results may be different.)

    Posted Image

  • Make sure everything found is checked, and click: Remove Selected
  • When the disinfection is complete, you may be prompted to Restart. Please do so.
  • When MBAM finishes removing the malware, a log opens in Notepad
  • The log is automatically saved and can be viewed by clicking the Logs tab.

~~~~

Please provide the contents of the MBAM report.


Malwarebytes' Anti-Malware 1.05

Database version: 437

 

Scan type: Quick Scan

Objects scanned: 30375

Time elapsed: 10 minute(s), 8 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 26

Files Infected: 108

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adware remover (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AdwareRemover.exe (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mandel Enterprise (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ekvgsnw.brtd (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

C:\Program Files\Adware Remover (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\Logs (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\AdRoar (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Alexa Related (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\BroadcastPC (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Browser Hijack (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Cookies (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Cydoor (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\eAcceleration (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\eUniverse (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\FSG (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\GAIN (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\HuntBar (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\IBIS Toolbar (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\KeenValue.PerfectNav (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\MarketScore (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\New.Net (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\StartNow.HyperBar (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\TopMoxie(WebSavings) (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\TV Media (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Twain-Tech (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\VX2 (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\WebHancer (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\WebSearchToolbar (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\Rebecca Farris\Start Menu\Programs\Adware Remover (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

 

Files Infected:

C:\Program Files\Adware Remover\Adware Remover.url (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\AdwareRemover.exe (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\uninst.exe (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\Logs\debug.log (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\Logs\ObjectsFound.log (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\Logs\ObjectsRemoved.log (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\processes.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\version.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\AdRoar\description.html (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\AdRoar\files.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\AdRoar\filespaths.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\AdRoar\fixedregistry.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\AdRoar\processes.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Alexa Related\description.html (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Alexa Related\fixedregistry.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\BroadcastPC\description.html (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\BroadcastPC\files.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\BroadcastPC\filespaths.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\BroadcastPC\fixedregistry.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\BroadcastPC\processes.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Browser Hijack\helper.dll (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Cookies\description.html (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Cookies\files.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Cookies\filespaths.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Cookies\fixedfiles.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Cydoor\description.html (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Cydoor\fixedfiles.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Cydoor\fixedregistry.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Cydoor\processes.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Cydoor\registry.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Cydoor\registrypaths.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\eAcceleration\description.html (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\eAcceleration\fixedregistry.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\eUniverse\cookies.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\eUniverse\description.html (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\eUniverse\files.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\eUniverse\filespaths.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\eUniverse\fixedregistry.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\eUniverse\processes.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\FSG\description.html (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\FSG\fixedfiles.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\FSG\processes.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\GAIN\cookies.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\GAIN\description.html (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\GAIN\fixedfiles.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\GAIN\fixedregistry.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\GAIN\processes.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\HuntBar\description.html (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\HuntBar\fixedfiles.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\HuntBar\fixedregistry.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\HuntBar\processes.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\IBIS Toolbar\description.html (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\IBIS Toolbar\files.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\IBIS Toolbar\filespaths.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\IBIS Toolbar\fixedregistry.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\IBIS Toolbar\processes.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\KeenValue.PerfectNav\cookies.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\KeenValue.PerfectNav\description.html (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\KeenValue.PerfectNav\fixedregistry.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\MarketScore\cookies.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\MarketScore\description.html (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\MarketScore\fixedfiles.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\MarketScore\fixedregistry.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\MarketScore\processes.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\New.Net\description.html (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\New.Net\files.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\New.Net\filespaths.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\New.Net\fixedregistry.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\New.Net\processes.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\New.Net\providers.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\New.Net\uninstallers.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\StartNow.HyperBar\description.html (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\StartNow.HyperBar\fixedfiles.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\StartNow.HyperBar\fixedregistry.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\TopMoxie(WebSavings)\description.html (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\TopMoxie(WebSavings)\files.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\TopMoxie(WebSavings)\filespaths.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\TopMoxie(WebSavings)\fixedregistry.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\TopMoxie(WebSavings)\processes.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\TV Media\description.html (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\TV Media\files.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\TV Media\filespaths.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\TV Media\fixedregistry.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\TV Media\processes.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Twain-Tech\description.html (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Twain-Tech\files.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Twain-Tech\filespaths.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Twain-Tech\fixedregistry.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\Twain-Tech\processes.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\VX2\description.html (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\VX2\files.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\VX2\filespaths.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\VX2\fixedregistry.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\VX2\processes.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\WebHancer\description.html (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\WebHancer\files.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\WebHancer\filespaths.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\WebHancer\fixedregistry.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\WebHancer\processes.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\WebHancer\providers.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\WebSearchToolbar\description.html (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\WebSearchToolbar\files.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\WebSearchToolbar\filespaths.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\WebSearchToolbar\fixedregistry.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Program Files\Adware Remover\SpyWares\WebSearchToolbar\processes.txt (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\Rebecca Farris\Start Menu\Programs\Adware Remover\Adware Remover.lnk (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\Rebecca Farris\Start Menu\Programs\Adware Remover\Uninstall.lnk (Rogue.AdwareRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\Rebecca Farris\Start Menu\Programs\Adware Remover\Website.lnk (Rogue.AdwareRemover) -> Quarantined and deleted successfully.


No more malware problems, everything looks great.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:06:06 PM, on 3/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

 

.


Please run HijackThis, Scan

Check box for:

 

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

 

Select: Fix checked

 

~~~~


 

If you are not having malware problems, you are good to go!

 

Please do the following to wrap up:

 

To remove the tools used, do the following:

Start WinPFind35

Click the CleanUp button

  • WinPFind35 downloads a small file from the Internet.
  • If a security program or firewall warns of this, allow it to download.
  • WinPFind35 deletes any tools downloaded and files/folders created
  • If asked to reboot, click: Yes
~~~~

Next, go to Start > Run, and in the Open area type in: control sysdm.cpl,,4

Press: Enter

Check the box: Turn off System Restore on all drives

Click: Apply

 

You will be prompted to restart the computer.

Click: Yes

 

Now, turn on System Restore by removing the check on: Turn off System Restore on all drives

Click: OK

 

 

 

Some of the best suggestions and programs to remain malware free are contained in Tony Klein’s article:

How Did I Get Infected In The First Place

 

It is also a very good practice to perform an online virus scan on a regular basis.

Scanners do not have identical malware definitions, and what one misses, another one can catch.

Some of the scanners are:

BitDefender Online Scanner

ESET NOD32 Online Scanner

F-Secure Online Scanner

Panda ActiveScan

TrendMicro HouseCall

 

~~~~

If you have any questions or comments, post back. Otherwise...

 

Good luck, safe journey through the Internet!!


ok, everything looks good, I appreciate all of your help, thank you.
