I'm not making myself clear here. I don't think this is where I have stalled out. From this reply you gave me when you left for work, could you please read over your instructions to me in the quote above? It's the third bullet I am asking about… ?

And in answer to the question about whether I saw the 32 scanners that tested the file: yes, I did… That is what I was asking: did you want me to do it again so you could see the list of the 32 scanners? I have NOT done anything past this yet, as I've been confused, as you can see! Sorry… I have stalled out at reply 271… but my last post was directed to that!
Thanks, Susie

Hi

No, don't check anything under additional scans, just skip down to the next step. ;D 8)

Sure, I'd like to see the report on the file you submitted. :)

Suzie - just make it look like this :)

Here is the report from VirusTotal:

File tmp.reg received on 11.06.2007 17:19:32 (CET)

Result: 0/32 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2007.11.7.0 2007.11.06 -
AntiVir 7.6.0.30 2007.11.06 -
Authentium 4.93.8 2007.11.05 -
Avast 4.7.1074.0 2007.11.05 -
AVG 7.5.0.503 2007.11.06 -
BitDefender 7.2 2007.11.06 -
CAT-QuickHeal 9.00 2007.11.06 -
ClamAV 0.91.2 2007.11.06 -
DrWeb 4.44.0.09170 2007.11.06 -
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5270 2007.11.05 -
Ewido 4.0 2007.11.06 -
FileAdvisor 1 2007.11.06 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.06 -
F-Secure 6.70.13030.0 2007.11.06 -
Ikarus T3.1.1.12 2007.11.06 -
Kaspersky 7.0.0.125 2007.11.06 -
McAfee 5156 2007.11.05 -
Microsoft 1.3007 2007.11.06 -
NOD32v2 2641 2007.11.06 -
Norman 5.80.02 2007.11.06 -
Panda 9.0.0.4 2007.11.06 -
Prevx1 V2 2007.11.06 -
Rising 20.17.12.00 2007.11.06 -
Sophos 4.23.0 2007.11.06 -
Sunbelt 2.2.907.0 2007.11.02 -
Symantec 10 2007.11.06 -
TheHacker 6.2.9.117 2007.11.06 -
VBA32 3.12.2.4 2007.11.06 -
VirusBuster 4.3.26:9 2007.11.05 -
Webwasher-Gateway 6.0.1 2007.11.06 -
Additional information
File size: 6238 bytes
MD5: 6bbd0b95dd8e5278a2801fe5af9c2f5e
SHA1: 00eb322355e6c04755e32c89b6404939f76c4dfa
packers: Unicode

Thanks for the scan results. I was just curious about the last part with the numbers. Might be able to find a match. Carry on with your scan. Will check back later. If everything goes well we’ll do the cleanup tonight. ;D

Here is the WinPFind3u report log… and thank you for sticking with me even in my thick moments… I'm off to work myself but wanted to leave this for you all before I left… Take care, and thanks again!

WinPFind3 logfile created on: 11/6/2007 8:37:41 AM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\HP_Owner\Desktop\WinPFind3u
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

503.48 Mb Total Physical Memory | 182.95 Mb Available Physical Memory | 36.34% Memory free
1.20 Gb Paging File | 0.89 Gb Available in Paging File | 74.30% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.08 Gb Total Space | 50.03 Gb Free Space | 72.41% Space Free
Drive D: | 7.59 Gb Total Space | 2.27 Gb Free Space | 29.93% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: YOUR-4F1261A8E5
Current User Name: HP_Owner
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - Non-Microsoft Only]
agrsmmsg.exe → %SystemRoot%\AGRSMMSG.exe → Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 6/29/2004 4:06:38 PM | Attr = ]
alcxmntr.exe → %SystemRoot%\ALCXMNTR.EXE → Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 9/7/2004 7:47:52 PM | Attr = ]
aolacsd.exe → %CommonProgramFiles%\AOL\ACS\AOLacsd.exe → AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 4:50:36 AM | Attr = R ]
aolsp scheduler.exe → %CommonProgramFiles%\AOL\AOL Spyware Protection\AOLSP Scheduler.exe → [Ver = 1, 0, 0, 74 | Size = 79448 bytes | Modified Date = 10/18/2004 3:42:18 PM | Attr = ]
aoltray.exe → %ProgramFiles%\America Online 9.0\aoltray.exe → America Online, Inc. [Ver = 9.00.001 | Size = 156784 bytes | Modified Date = 8/24/2004 3:08:44 PM | Attr = H ]
ashdisp.exe → %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 9/6/2007 2:06:10 AM | Attr = ]
ashmaisv.exe → %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 9/6/2007 2:05:42 AM | Attr = ]
ashserv.exe → %ProgramFiles%\Alwil Software\Avast4\ashServ.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 9/6/2007 2:06:04 AM | Attr = ]
ashwebsv.exe → %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 9/6/2007 2:04:44 AM | Attr = ]
aswupdsv.exe → %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 9/6/2007 1:54:58 AM | Attr = ]
cmdagent.exe → %ProgramFiles%\Comodo\Firewall\cmdagent.exe → COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 11/5/2007 8:29:46 AM | Attr = ]
cpf.exe → %ProgramFiles%\Comodo\Firewall\cpf.exe → COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 11/5/2007 8:29:46 AM | Attr = ]
fxsvr2.exe → %ProgramFiles%\Logitech\Video\FxSvr2.exe → Logitech Inc. [Ver = 8.4.7.1034 | Size = 192512 bytes | Modified Date = 6/8/2005 1:44:56 PM | Attr = ]
googletoolbarnotifier.exe → %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe → Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/9/2007 5:53:56 PM | Attr = ]
hkcmd.exe → %System32%\hkcmd.exe → Intel Corporation [Ver = 3.0.0.3943 | Size = 126976 bytes | Modified Date = 11/2/2004 2:59:42 PM | Attr = ]
hpgs2wnd.exe → %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe → Hewlett-Packard [Ver = 2,4,0,26 | Size = 57344 bytes | Modified Date = 7/3/2001 9:11:52 AM | Attr = ]
hpgs2wnf.exe → %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe → [Ver = 2,4,0,26 | Size = 65536 bytes | Modified Date = 7/3/2001 9:17:04 AM | Attr = ]
hphmon06.exe → %System32%\hphmon06.exe → Hewlett-Packard [Ver = 6,0,72 | Size = 659456 bytes | Modified Date = 6/7/2004 5:42:30 PM | Attr = ]
hpobrt07.exe → %ProgramFiles%\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe → Hewlett-Packard Co. [Ver = 2.00 | Size = 491580 bytes | Modified Date = 2/3/2003 4:46:20 PM | Attr = ]
hpoevm07.exe → %ProgramFiles%\Hewlett-Packard\AiO\Shared\Bin\hpoevm07.exe → Hewlett-Packard Co. [Ver = 1.00 | Size = 299008 bytes | Modified Date = 4/30/2002 4:46:44 PM | Attr = ]
hpoipm07.exe → %System32%\hpoipm07.exe → HP [Ver = 4, 5, 0, 767 | Size = 69632 bytes | Modified Date = 4/30/2002 4:23:18 PM | Attr = ]
hposts07.exe → %ProgramFiles%\Hewlett-Packard\AiO\Shared\Bin\hposts07.exe → Hewlett-Packard Co. [Ver = 1.00 | Size = 290816 bytes | Modified Date = 4/30/2002 4:59:48 PM | Attr = ]
hpqtra08.exe → %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe → Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/5/2004 2:28:24 AM | Attr = ]
hpsysdrv.exe → %SystemRoot%\system\hpsysdrv.exe → Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 3:04:38 PM | Attr = ]
ipodservice.exe → %ProgramFiles%\iPod\bin\iPodService.exe → Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 3/14/2007 6:05:42 PM | Attr = ]
ituneshelper.exe → %ProgramFiles%\iTunes\iTunesHelper.exe → Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 3/14/2007 6:05:48 PM | Attr = ]
jusched.exe → %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe → Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:36 AM | Attr = ]
kbd.exe → %SystemDrive%\hp\KBD\kbd.exe → Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 2/11/2003 6:02:48 PM | Attr = ]
keyexp.exe → %ProgramFiles%\keyexp\KEYEXP.EXE → [Ver = | Size = 838656 bytes | Modified Date = 2/24/2000 4:38:08 PM | Attr = ]
logitray.exe → %ProgramFiles%\Logitech\Video\LogiTray.exe → Logitech Inc. [Ver = 8.4.7.1034 | Size = 217088 bytes | Modified Date = 6/8/2005 2:14:44 PM | Attr = ]
lvcomsx.exe → %System32%\LVCOMSX.EXE → Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Modified Date = 7/19/2005 4:32:18 PM | Attr = ]
qttask.exe → %ProgramFiles%\QuickTime\qttask.exe → Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 8:41:54 AM | Attr = ]
superantispyware.exe → %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe → SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 1:06:28 PM | Attr = ]
updates from hp.exe → %ProgramFiles%\Updates from HP\309731\Program\Updates from HP.exe → Hewlett-Packard [Ver = 6,3, 2, 1 | Size = 45056 bytes | Modified Date = 2/15/2005 9:23:14 AM | Attr = ]
wanmpsvc.exe → %SystemRoot%\wanmpsvc.exe → America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 10:29:46 AM | Attr = ]
weather.exe → %ProgramFiles%\AWS\WeatherBug\Weather.exe → AWS Convergence Technologies, Inc. [Ver = 6, 6, 0, 0 | Size = 1343488 bytes | Modified Date = 1/6/2006 9:57:20 AM | Attr = ]
winpfind3u.exe → %UserDesktop%\WinPFind3u\WinPFind3U.exe → OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]
ymsgr_tray.exe → %ProgramFiles%\Yahoo!\Messenger\ymsgr_tray.exe → Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103664 bytes | Modified Date = 8/30/2007 4:43:18 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] → %CommonProgramFiles%\AOL\ACS\AOLacsd.exe → AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 4:50:36 AM | Attr = R ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] → %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 9/6/2007 1:54:58 AM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] → %ProgramFiles%\Alwil Software\Avast4\ashServ.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 9/6/2007 2:06:04 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] → %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 9/6/2007 2:05:42 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] → %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 9/6/2007 2:04:44 AM | Attr = ]
(CmdAgent) Comodo Application Agent [Win32_Own | Auto | Running] → %ProgramFiles%\Comodo\Firewall\cmdagent.exe → COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 11/5/2007 8:29:46 AM | Attr = ]
(CWShredder Service) CWShredder Service [Win32_Own | Auto | Stopped] → %ProgramFiles%\InterMute\SpySubtract\CWShredder.exe → File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] → %System32%\dmadmin.exe → Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 10:00:00 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] → %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe → Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/14/2007 6:28:46 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] → %ProgramFiles%\iPod\bin\iPodService.exe → Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 3/14/2007 6:05:42 PM | Attr = ]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] → %SystemRoot%\wanmpsvc.exe → America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 10:29:46 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run →
AGRSMMSG → %SystemRoot%\AGRSMMSG.exe → Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 6/29/2004 4:06:38 PM | Attr = ]
AlcxMonitor → %SystemRoot%\ALCXMNTR.EXE → Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 9/7/2004 7:47:52 PM | Attr = ]
AOL Spyware Protection → %CommonProgramFiles%\AOL\AOL Spyware Protection\AOLSP Scheduler.exe → [Ver = 1, 0, 0, 74 | Size = 79448 bytes | Modified Date = 10/18/2004 3:42:18 PM | Attr = ]
AOLDialer → %CommonProgramFiles%\AOL\ACS\AOLDial.exe → AOL LLC [Ver = 4.6.1.2 | Size = 71216 bytes | Modified Date = 10/23/2006 4:50:38 AM | Attr = R ]
avast! → %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 9/6/2007 2:06:10 AM | Attr = ]
COMODO Firewall Pro → %ProgramFiles%\Comodo\Firewall\cpf.exe → COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 11/5/2007 8:29:46 AM | Attr = ]
HostManager → %CommonProgramFiles%\AOL\1158686903\ee\AOLSoftware.exe → America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 9/25/2006 4:52:48 PM | Attr = ]
HotKeysCmds → %System32%\hkcmd.exe → Intel Corporation [Ver = 3.0.0.3943 | Size = 126976 bytes | Modified Date = 11/2/2004 2:59:42 PM | Attr = ]
HPHmon06 → %System32%\hphmon06.exe → Hewlett-Packard [Ver = 6,0,72 | Size = 659456 bytes | Modified Date = 6/7/2004 5:42:30 PM | Attr = ]
HPHUPD06 → %ProgramFiles%\HP{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe → Hewlett-Packard [Ver = 6,0,72 | Size = 49152 bytes | Modified Date = 6/7/2004 5:53:26 PM | Attr = ]
hpsysdrv → %SystemRoot%\system\hpsysdrv.exe → Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 3:04:38 PM | Attr = ]
iTunesHelper → %ProgramFiles%\iTunes\iTunesHelper.exe → Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 3/14/2007 6:05:48 PM | Attr = ]
KBD → %SystemDrive%\hp\KBD\kbd.exe → Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 2/11/2003 6:02:48 PM | Attr = ]
LogitechVideoRepair → %ProgramFiles%\Logitech\Video\ISStart.exe → Logitech Inc. [Ver = 8.4.7.1034 | Size = 458752 bytes | Modified Date = 6/8/2005 2:24:32 PM | Attr = ]
LogitechVideoTray → %ProgramFiles%\Logitech\Video\LogiTray.exe → Logitech Inc. [Ver = 8.4.7.1034 | Size = 217088 bytes | Modified Date = 6/8/2005 2:14:44 PM | Attr = ]
LSBWatcher → %SystemDrive%\hp\drivers\hplsbwatcher\lsburnwatcher.exe → Hewlett-Packard Company [Ver = 4, 10, 14, 0 | Size = 253952 bytes | Modified Date = 10/14/2004 8:54:32 PM | Attr = ]
LVCOMSX → %System32%\LVCOMSX.EXE → Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Modified Date = 7/19/2005 4:32:18 PM | Attr = ]
NapsterShell → %ProgramFiles%\Napster\napster.exe → File not found
ProfileWatcher → %ProgramFiles%\ProfileWatcher\profilewatcher.exe → File not found
PS2 → %System32%\ps2.EXE → Hewlett-Packard Company [Ver = 1.0.2.2.112404 | Size = 90112 bytes | Modified Date = 10/25/2004 8:17:56 PM | Attr = ]
QuickTime Task → %ProgramFiles%\QuickTime\qttask.exe → Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 8:41:54 AM | Attr = ]
Recguard → %SystemRoot%\SMINST\Recguard.exe → [Ver = 5, 0, 44, 2 | Size = 233472 bytes | Modified Date = 4/14/2004 7:43:46 PM | Attr = ]
Reminder → %SystemRoot%\CREATOR\Remind_XP.exe → SoftThinks [Ver = 6, 0, 52, 2 | Size = 663552 bytes | Modified Date = 12/14/2004 1:23:44 AM | Attr = ]
Share-to-Web Namespace Daemon → %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe → Hewlett-Packard [Ver = 2,4,0,26 | Size = 57344 bytes | Modified Date = 7/3/2001 9:11:52 AM | Attr = ]
SunJavaUpdateSched → %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe → Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:36 AM | Attr = ]
TkBellExe → %CommonProgramFiles%\Real\Update_OB\realsched.exe → RealNetworks, Inc. [Ver = 0.1.0.3034 | Size = 180269 bytes | Modified Date = 2/15/2005 9:09:30 AM | Attr = ]
UserFaultCheck → → File not found
< OptionalComponents [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ →
IMAIL → Installed = 1 →
MAPI → Installed = 1 →
MSFS → Installed = 1 →

< Run [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run →
Acme.PCHButton → %ProgramFiles%\Help and Support Additions\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe → Motive Communications, Inc. [Ver = 4.12.0.13.pchealthclient.pchclient.20040420_151000 | Size = 159744 bytes | Modified Date = 2/15/2005 9:25:18 AM | Attr = ]
LogitechSoftwareUpdate → %ProgramFiles%\Logitech\Video\ManifestEngine.exe → Logitech Inc. [Ver = 8.4.7.1034 | Size = 196608 bytes | Modified Date = 6/8/2005 1:44:14 PM | Attr = ]
SUPERAntiSpyware → %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe → SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 1:06:28 PM | Attr = ]
swg → %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe → Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/9/2007 5:53:56 PM | Attr = ]
Weather → %ProgramFiles%\AWS\WeatherBug\Weather.exe → AWS Convergence Technologies, Inc. [Ver = 6, 6, 0, 0 | Size = 1343488 bytes | Modified Date = 1/6/2006 9:57:20 AM | Attr = ]
Yahoo! Pager → %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe → Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 4:43:18 PM | Attr = ]
< Common Startup > → C:\Documents and Settings\All Users\Start Menu\Programs\Startup →
%AllUsersStartup%\America Online 9.0 Tray Icon.lnk → %ProgramFiles%\America Online 9.0\aoltray.exe → America Online, Inc. [Ver = 9.00.001 | Size = 156784 bytes | Modified Date = 8/24/2004 3:08:44 PM | Attr = H ]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk → %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe → Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/5/2004 2:28:24 AM | Attr = ]
%AllUsersStartup%\HPAiODevice(hp psc 700 series) - 1.lnk → %ProgramFiles%\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe → Hewlett-Packard Co. [Ver = 2.00 | Size = 491580 bytes | Modified Date = 2/3/2003 4:46:20 PM | Attr = ]
%AllUsersStartup%\Updates from HP.lnk → %ProgramFiles%\Updates from HP\309731\Program\Updates from HP.exe → Hewlett-Packard [Ver = 6,3, 2, 1 | Size = 45056 bytes | Modified Date = 2/15/2005 9:23:14 AM | Attr = ]
< User Startup > → C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup →
%UserStartup%\Keyboard Express 2000.lnk → %ProgramFiles%\keyexp\KEYEXP.EXE → [Ver = | Size = 838656 bytes | Modified Date = 2/24/2000 4:38:08 PM | Attr = ]
< ShellExecuteHooks [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks →
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] → %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ]
{634BBAB7-3F60-4426-944F-A62B9007F67F} [HKLM] → Reg Data - Key not found → File not found
< SecurityProviders [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders →
SecurityProviders → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders →
zwebauth.dll → %System32%\ZWebAuth.dll → [Ver = | Size = 16973 bytes | Modified Date = 9/18/2001 6:37:34 PM | Attr = ]
< Winlogon settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon →
< Winlogon settings [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon →
UserInit → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit →
C:\WINDOWS\system32\vvgeowbv.exe → %System32%\vvgeowbv.exe → File not found
< Winlogon\Notify settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ →
!SASWinLogon → %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll → SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 12:41:36 PM | Attr = ]
igfxcui → %System32%\igfxsrvc.dll → Intel Corporation [Ver = 3.0.0.3943 | Size = 348160 bytes | Modified Date = 11/2/2004 2:59:20 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveAutoRun → 67108863 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun → 255 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} → 1073741857 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1} → 32 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\dontdisplaylastusername → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\legalnoticecaption → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\legalnoticetext → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\shutdownwithoutlogon → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\undockwithoutlogon → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ → →
< CurrentVersion Policy Settings [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun → 145 →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ → →
< HOSTS File > (27 bytes) → C:\WINDOWS\System32\drivers\etc\Hosts →
127.0.0.1 localhost → →
< Internet Explorer Settings > → →
HKLM: Default_Page_URL → http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM: Main\Default_Search_URL → http://www.google.com/ie
HKLM: Local Page → C:\windows\system32\blank.htm →
HKLM: Search Page → http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM: Start Page → http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM: CustomizeSearch → http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM: Search\Default_Search_URL → http://www.google.com/ie
HKLM: SearchAssistant → http://www.google.com/ie
HKLM: URLSearchHooks\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKLM] → %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOLTBSearch Class] → AOL LLC [Ver = 5.0.33.3 | Size = 1025584 bytes | Modified Date = 5/17/2007 9:39:06 AM | Attr = ]
HKCU: Default_Search_URL → http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU: Local Page → C:\windows\system32\blank.htm →
HKCU: Search Bar → http://www.google.com/ie
HKCU: Search Page → http://www.google.com
HKCU: Start Page → http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU: SearchAssistant → http://www.google.com/ie
HKCU: URLSearchHooks\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKLM] → %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOLTBSearch Class] → AOL LLC [Ver = 5.0.33.3 | Size = 1025584 bytes | Modified Date = 5/17/2007 9:39:06 AM | Attr = ]
HKCU: ProxyEnable → 0 →
< Trusted Sites > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ →
msn.com [ - ] → →
< BHO’s > → HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ →
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] → %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] → Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 11/3/2003 9:17:44 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] → %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] → Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 12:11:34 AM | Attr = ]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKLM] → %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar Launcher] → AOL LLC [Ver = 5.0.33.3 | Size = 1025584 bytes | Modified Date = 5/17/2007 9:39:06 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] → %ProgramFiles%\Google\googletoolbar3.dll [Google Toolbar Helper] → Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] → %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] → Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 6/9/2007 5:53:56 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar →
[HKLM] → Reg Data - Key not found [Reg Data - Value does not exist] → File not found
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] → %ProgramFiles%\Google\googletoolbar3.dll [&Google] → Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] → %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] → Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 11:26:28 AM | Attr = ]
{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKLM] → %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] → AOL LLC [Ver = 5.0.33.3 | Size = 1025584 bytes | Modified Date = 5/17/2007 9:39:06 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ →
ShellBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] → %ProgramFiles%\Google\googletoolbar3.dll [&Google] → Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
ShellBrowser\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] → %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] → Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 11:26:28 AM | Attr = ]
WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] → %ProgramFiles%\Google\googletoolbar3.dll [&Google] → Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
WebBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
WebBrowser\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
WebBrowser\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] → %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] → Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 11:26:28 AM | Attr = ]
WebBrowser\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKLM] → %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] → AOL LLC [Ver = 5.0.33.3 | Size = 1025584 bytes | Modified Date = 5/17/2007 9:39:06 AM | Attr = ]
WebBrowser\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
< Internet Explorer Extensions [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ →
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] → %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] → Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] → %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] → Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 12:11:34 AM | Attr = ]
{3369AF0D-62E9-4bda-8103-B4C75499B578} → Reg Data - Value does not exist [ButtonText: AOL Toolbar] → File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} → Reg Data - Value does not exist [ButtonText: Research] → File not found
CmdMapping [HKLM] → Reg Data - Key not found [MenuText: Reg Data - Value does not exist] → File not found
< Internet Explorer Menu Extensions [HKCU] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ →
&AOL Toolbar Search → %ProgramFiles%\aol\aol toolbar 5.0\resources\en-US\local\search.htm → File not found
Add To HP Organize… → %SystemDrive%\PROGRA~1\HEWLET~1\HPORGA~1\bin\module.main\favorites\ie_add_to.htm → File not found
E&xport to Microsoft Excel → → File not found
< User Agent Post Platform [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform →
SV1 → →
< DNS Name Servers [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ →
{1CE8CB58-B8FB-4A26-8139-ED5F8503D469} → () →
{70CEC16C-A1E3-491D-929A-FBDBCACE2459} → (1394 Net Adapter) →
{A5724737-BF9A-4C70-8668-1A2FAD954C60} → (Realtek RTL8139/810x Family Fast Ethernet NIC) →
< Protocol Handlers [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ →
ipp → Reg Data - Key not found → File not found
msdaipp → Reg Data - Key not found → File not found
< Downloaded Program Files > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ →
{05D44720-58E3-49E6-BDF6-D00330E511D3} → StagingUI Object - CodeBase = http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
{112857FE-03FF-11D5-9A3F-0080C8D85044} → GameDesire Solitaires - CodeBase = http://67.15.101.3/g_bin/eng/solitaire_2_0_0_28.cab
{166B1BCA-3F9C-11CF-8075-444553540000} → Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} → Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204
{1A781DED-C22D-4153-3213-A3211E29DF13} → GameDesire Card Games - CodeBase = http://67.15.101.33/g_bin/eng/cards_2_0_0_75.cab
{3BB54395-5982-4788-8AF4-B5388FFDD0D8} → MSN Games – Buddy Invite - CodeBase = http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
{41ACD49D-1974-791A-0981-AA9872721044} → Ganymede Board Games - CodeBase = http://67.15.101.33/g_bin/eng/boards_2_0_0_34.cab
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} → MSN Photo Upload Tool - CodeBase = http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
{5736C456-EA94-4AAC-BB08-917ABDD035B3} → ZonePAChat Object - CodeBase = http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
{6414512B-B978-451D-A0D8-FCFDF33E833C} → WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167880678454
{80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} → UnoCtrl Class - CodeBase = http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab55579.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} → Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{9BDF4724-10AA-43D5-BD15-AEA0D2287303} → MSN Games – Texas Holdem Poker - CodeBase = http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
{B8BE5E93-A60C-4D26-A2DC-220313175592} → MSN Games - Installer - CodeBase = http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} → Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} → Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} → - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} → MSN Games – Game Communicator - CodeBase = http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
{E23FABEE-12E3-33DA-DA12-195DAC123984} → GameDesire Mahjong - CodeBase = http://67.15.101.33/g_bin/eng/mahjong_2_0_0_29.cab

[Files/Folders - Created Within 30 days]
avenger → %SystemDrive%\avenger → [Folder | Created Date = 11/5/2007 11:44:55 PM | Attr = ]
boot.ini.comodofirewall → %SystemDrive%\boot.ini.comodofirewall → [Ver = | Size = 283 bytes | Created Date = 11/5/2007 8:36:46 AM | Attr = ]
Deckard → %SystemDrive%\Deckard → [Folder | Created Date = 11/4/2007 7:50:02 AM | Attr = ]
hiberfil.sys → %SystemDrive%\hiberfil.sys → [Ver = | Size = 528011264 bytes | Created Date = 1/1/1601 8:00:00 AM | Attr = HS]
qoobox → %SystemDrive%\qoobox → [Folder | Created Date = 11/2/2007 2:34:13 PM | Attr = ]
sqmdata08.sqm → %SystemDrive%\sqmdata08.sqm → [Ver = | Size = 232 bytes | Created Date = 10/9/2007 5:56:07 AM | Attr = H ]
sqmdata09.sqm → %SystemDrive%\sqmdata09.sqm → [Ver = | Size = 232 bytes | Created Date = 10/24/2007 4:49:35 AM | Attr = H ]
sqmnoopt08.sqm → %SystemDrive%\sqmnoopt08.sqm → [Ver = | Size = 244 bytes | Created Date = 10/9/2007 5:56:07 AM | Attr = H ]
sqmnoopt09.sqm → %SystemDrive%\sqmnoopt09.sqm → [Ver = | Size = 244 bytes | Created Date = 10/24/2007 4:49:35 AM | Attr = H ]
Temp → %SystemDrive%\Temp → [Folder | Created Date = 10/22/2007 6:01:37 AM | Attr = ]
_OTMoveIt → %SystemDrive%\_OTMoveIt → [Folder | Created Date = 11/4/2007 1:51:10 PM | Attr = ]
$NtUninstallKB933729$ → %SystemRoot%\$NtUninstallKB933729$ → [Folder | Created Date = 10/10/2007 10:50:11 PM | Attr = H ]
$NtUninstallKB939653$ → %SystemRoot%\$NtUninstallKB939653$ → [Folder | Created Date = 10/10/2007 10:49:52 PM | Attr = H ]
$NtUninstallKB941202$ → %SystemRoot%\$NtUninstallKB941202$ → [Folder | Created Date = 10/10/2007 10:48:41 PM | Attr = H ]
absolute key logger.lnk → %SystemRoot%\absolute key logger.lnk → [Ver = | Size = 9472 bytes | Created Date = 11/4/2007 8:11:25 AM | Attr = ]
aconti.ini → %SystemRoot%\aconti.ini → [Ver = | Size = 24832 bytes | Created Date = 11/4/2007 8:11:29 AM | Attr = ]
aconti.sdb → %SystemRoot%\aconti.sdb → [Ver = | Size = 19712 bytes | Created Date = 11/4/2007 8:11:29 AM | Attr = ]
catchme.exe → %SystemRoot%\catchme.exe → [Ver = | Size = 136192 bytes | Created Date = 11/2/2007 2:33:28 PM | Attr = ]
cookies.ini → %SystemRoot%\cookies.ini → [Ver = | Size = 917 bytes | Created Date = 11/4/2007 9:22:55 PM | Attr = ]
default.htm → %SystemRoot%\default.htm → [Ver = | Size = 1679 bytes | Created Date = 11/4/2007 8:11:19 AM | Attr = ]
erdnt → %SystemRoot%\erdnt → [Folder | Created Date = 11/2/2007 2:38:04 PM | Attr = ]
NirCmd.exe → %SystemRoot%\NirCmd.exe → NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 11/2/2007 2:33:28 PM | Attr = ]
bygwdcie.ini → %System32%\bygwdcie.ini → [Ver = | Size = 693628 bytes | Created Date = 10/22/2007 6:39:41 PM | Attr = HS]
din.ip → %System32%\din.ip → [Ver = | Size = 12 bytes | Created Date = 11/4/2007 7:49:32 AM | Attr = ]
eqswbyjp.ini → %System32%\eqswbyjp.ini → [Ver = | Size = 579089 bytes | Created Date = 11/1/2007 4:08:46 AM | Attr = HS]
fifesjcq.ini → %System32%\fifesjcq.ini → [Ver = | Size = 414 bytes | Created Date = 11/5/2007 7:31:16 PM | Attr = HS]
gjjlm.ini → %System32%\gjjlm.ini → [Ver = | Size = 412673 bytes | Created Date = 11/5/2007 4:56:32 AM | Attr = HS]
hbqkbaas.ini → %System32%\hbqkbaas.ini → [Ver = | Size = 577095 bytes | Created Date = 11/4/2007 7:00:31 PM | Attr = HS]
java.exe → %System32%\java.exe → Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/3/2007 9:20:18 PM | Attr = ]
javaw.exe → %System32%\javaw.exe → Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/3/2007 9:20:18 PM | Attr = ]
javaws.exe → %System32%\javaws.exe → Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 11/3/2007 9:20:18 PM | Attr = ]
jpewocmz.ini → %System32%\jpewocmz.ini → [Ver = | Size = 4 bytes | Created Date = 11/4/2007 7:49:32 AM | Attr = ]
jrtwykgc.ini → %System32%\jrtwykgc.ini → [Ver = | Size = 572456 bytes | Created Date = 10/31/2007 4:12:34 AM | Attr = HS]
mcrh.tmp → %System32%\mcrh.tmp → [Ver = | Size = 143 bytes | Created Date = 10/23/2007 1:59:03 PM | Attr = ]
Process.exe → %System32%\Process.exe → http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 11/4/2007 12:09:59 PM | Attr = ]
rqtss.ini → %System32%\rqtss.ini → [Ver = | Size = 6668 bytes | Created Date = 11/4/2007 9:17:01 PM | Attr = HS]
SrchSTS.exe → %System32%\SrchSTS.exe → S!Ri [Ver = | Size = 288417 bytes | Created Date = 11/4/2007 12:09:59 PM | Attr = ]
swreg.exe → %System32%\swreg.exe → SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 11/2/2007 2:33:28 PM | Attr = ]
swsc.exe → %System32%\swsc.exe → SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 11/2/2007 2:33:28 PM | Attr = ]
swxcacls.exe → %System32%\swxcacls.exe → SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 11/2/2007 2:33:28 PM | Attr = ]
sznf.ascii → %System32%\sznf.ascii → [Ver = | Size = 92 bytes | Created Date = 11/4/2007 7:49:42 AM | Attr = ]
uonalcrh.ini → %System32%\uonalcrh.ini → [Ver = | Size = 584613 bytes | Created Date = 10/27/2007 6:11:47 AM | Attr = HS]
VCCLSID.exe → %System32%\VCCLSID.exe → S!Ri [Ver = | Size = 289144 bytes | Created Date = 11/4/2007 12:09:59 PM | Attr = ]
VFind.exe → %System32%\VFind.exe → [Ver = | Size = 49152 bytes | Created Date = 11/2/2007 2:33:28 PM | Attr = ]
WS2Fix.exe → %System32%\WS2Fix.exe → [Ver = | Size = 25600 bytes | Created Date = 11/4/2007 12:09:59 PM | Attr = ]
wxqghjia.ini → %System32%\wxqghjia.ini → [Ver = | Size = 354 bytes | Created Date = 10/25/2007 6:13:48 AM | Attr = HS]
xbbewnmx.ini → %System32%\xbbewnmx.ini → [Ver = | Size = 479294 bytes | Created Date = 10/26/2007 6:09:01 AM | Attr = HS]
cmdmon.sys → %System32%\drivers\cmdmon.sys → Comodo Research Lab., Inc. [Ver = 2.3.035 built by: WinDDK | Size = 75520 bytes | Created Date = 11/5/2007 8:29:47 AM | Attr = ]
inspect.sys → %System32%\drivers\inspect.sys → COMODO [Ver = 2, 0, 0, 1 | Size = 51328 bytes | Created Date = 11/5/2007 8:29:47 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
avenger → %SystemDrive%\avenger → [Folder | Modified Date = 11/5/2007 11:44:56 PM | Attr = ]
boot.ini → %SystemDrive%\boot.ini → [Ver = | Size = 283 bytes | Modified Date = 11/5/2007 8:36:48 AM | Attr = RHS]
Config.Msi → %SystemDrive%\Config.Msi → [Folder | Modified Date = 11/3/2007 9:31:46 PM | Attr = H ]
Deckard → %SystemDrive%\Deckard → [Folder | Modified Date = 11/4/2007 7:50:04 AM | Attr = ]
Documents and Settings → %SystemDrive%\Documents and Settings → [Folder | Modified Date = 11/5/2007 11:41:02 PM | Attr = ]
hiberfil.sys → %SystemDrive%\hiberfil.sys → [Ver = | Size = 528011264 bytes | Modified Date = 11/6/2007 8:13:52 AM | Attr = HS]
Program Files → %ProgramFiles% → [Folder | Modified Date = 11/5/2007 8:29:48 AM | Attr = ]
qoobox → %SystemDrive%\qoobox → [Folder | Modified Date = 11/2/2007 7:07:32 PM | Attr = ]
sqmdata08.sqm → %SystemDrive%\sqmdata08.sqm → [Ver = | Size = 232 bytes | Modified Date = 10/9/2007 5:56:08 AM | Attr = H ]
sqmdata09.sqm → %SystemDrive%\sqmdata09.sqm → [Ver = | Size = 232 bytes | Modified Date = 10/24/2007 4:49:36 AM | Attr = H ]
sqmnoopt08.sqm → %SystemDrive%\sqmnoopt08.sqm → [Ver = | Size = 244 bytes | Modified Date = 10/9/2007 5:56:08 AM | Attr = H ]
sqmnoopt09.sqm → %SystemDrive%\sqmnoopt09.sqm → [Ver = | Size = 244 bytes | Modified Date = 10/24/2007 4:49:36 AM | Attr = H ]
System Volume Information → %SystemDrive%\System Volume Information → [Folder | Modified Date = 11/6/2007 12:13:40 AM | Attr = HS]
Temp → %SystemDrive%\Temp → [Folder | Modified Date = 11/4/2007 9:08:34 PM | Attr = ]
WINDOWS → %SystemRoot% → [Folder | Modified Date = 11/6/2007 6:27:50 AM | Attr = ]
_OTMoveIt → %SystemDrive%\_OTMoveIt → [Folder | Modified Date = 11/4/2007 1:51:12 PM | Attr = ]
$hf_mig$ → %SystemRoot%\$hf_mig$ → [Folder | Modified Date = 10/10/2007 10:50:12 PM | Attr = H ]
$NtUninstallKB933729$ → %SystemRoot%\$NtUninstallKB933729$ → [Folder | Modified Date = 10/10/2007 10:50:14 PM | Attr = H ]
$NtUninstallKB939653$ → %SystemRoot%\$NtUninstallKB939653$ → [Folder | Modified Date = 10/10/2007 10:49:58 PM | Attr = H ]
$NtUninstallKB941202$ → %SystemRoot%\$NtUninstallKB941202$ → [Folder | Modified Date = 10/10/2007 10:48:42 PM | Attr = H ]
absolute key logger.lnk → %SystemRoot%\absolute key logger.lnk → [Ver = | Size = 9472 bytes | Modified Date = 11/4/2007 8:11:26 AM | Attr = ]
aconti.ini → %SystemRoot%\aconti.ini → [Ver = | Size = 24832 bytes | Modified Date = 11/4/2007 8:11:30 AM | Attr = ]
aconti.sdb → %SystemRoot%\aconti.sdb → [Ver = | Size = 19712 bytes | Modified Date = 11/4/2007 8:11:30 AM | Attr = ]
bootstat.dat → %SystemRoot%\bootstat.dat → [Ver = | Size = 2048 bytes | Modified Date = 11/6/2007 8:13:54 AM | Attr = S]
catchme.exe → %SystemRoot%\catchme.exe → [Ver = | Size = 136192 bytes | Modified Date = 10/29/2007 6:56:20 PM | Attr = ]
cookies.ini → %SystemRoot%\cookies.ini → [Ver = | Size = 917 bytes | Modified Date = 11/5/2007 6:49:04 AM | Attr = ]
default.htm → %SystemRoot%\default.htm → [Ver = | Size = 1679 bytes | Modified Date = 11/4/2007 1:55:16 PM | Attr = ]
Downloaded Program Files → %SystemRoot%\Downloaded Program Files → [Folder | Modified Date = 11/5/2007 4:14:46 PM | Attr = S]
erdnt → %SystemRoot%\erdnt → [Folder | Modified Date = 11/4/2007 9:09:16 PM | Attr = ]
Help → %SystemRoot%\Help → [Folder | Modified Date = 11/2/2007 6:01:02 PM | Attr = ]
imsins.BAK → %SystemRoot%\imsins.BAK → [Ver = | Size = 1943 bytes | Modified Date = 10/21/2007 9:11:26 AM | Attr = ]
inf → %SystemRoot%\inf → [Folder | Modified Date = 10/22/2007 6:10:26 AM | Attr = H ]
Installer → %SystemRoot%\Installer → [Folder | Modified Date = 11/3/2007 9:31:48 PM | Attr = HS]
Prefetch → %SystemRoot%\Prefetch → [Folder | Modified Date = 11/6/2007 7:07:50 AM | Attr = ]
Registration → %SystemRoot%\Registration → [Folder | Modified Date = 11/5/2007 4:01:42 PM | Attr = ]
SoftwareDistribution → %SystemRoot%\SoftwareDistribution → [Folder | Modified Date = 10/25/2007 10:55:40 PM | Attr = ]
system32 → %System32% → [Folder | Modified Date = 11/5/2007 11:41:04 PM | Attr = ]
Tasks → %SystemRoot%\Tasks → [Folder | Modified Date = 11/4/2007 9:08:52 PM | Attr = S]
Temp → %SystemRoot%\Temp → [Folder | Modified Date = 11/6/2007 8:15:30 AM | Attr = ]
viassary-hp.reg → %SystemRoot%\viassary-hp.reg → [Ver = | Size = 3645 bytes | Modified Date = 11/2/2007 5:13:10 PM | Attr = ]
AppleSoftwareUpdate.job → %SystemRoot%\tasks\AppleSoftwareUpdate.job → [Ver = | Size = 284 bytes | Modified Date = 11/1/2007 1:26:02 PM | Attr = ]
Norton AntiVirus - Scan my computer - HP_Owner.job → %SystemRoot%\tasks\Norton AntiVirus - Scan my computer - HP_Owner.job → [Ver = | Size = 536 bytes | Modified Date = 11/2/2007 7:00:02 PM | Attr = ]
SA.DAT → %SystemRoot%\tasks\SA.DAT → [Ver = | Size = 6 bytes | Modified Date = 11/6/2007 8:13:58 AM | Attr = H ]
bygwdcie.ini → %System32%\bygwdcie.ini → [Ver = | Size = 693628 bytes | Modified Date = 10/24/2007 5:01:16 AM | Attr = HS]
CatRoot2 → %System32%\CatRoot2 → [Folder | Modified Date = 11/6/2007 12:26:02 AM | Attr = ]
config → %System32%\config → [Folder | Modified Date = 11/5/2007 4:02:08 PM | Attr = ]
din.ip → %System32%\din.ip → [Ver = | Size = 12 bytes | Modified Date = 11/4/2007 7:49:34 AM | Attr = ]
dllcache → %System32%\dllcache → [Folder | Modified Date = 10/11/2007 3:48:58 AM | Attr = RHS]
drivers → %System32%\drivers → [Folder | Modified Date = 11/5/2007 11:44:56 PM | Attr = ]
eqswbyjp.ini → %System32%\eqswbyjp.ini → [Ver = | Size = 579089 bytes | Modified Date = 11/2/2007 4:09:12 AM | Attr = HS]
fifesjcq.ini → %System32%\fifesjcq.ini → [Ver = | Size = 414 bytes | Modified Date = 11/5/2007 8:59:06 PM | Attr = HS]
gjjlm.ini → %System32%\gjjlm.ini → [Ver = | Size = 412673 bytes | Modified Date = 11/5/2007 11:40:08 PM | Attr = HS]
hbqkbaas.ini → %System32%\hbqkbaas.ini → [Ver = | Size = 577095 bytes | Modified Date = 11/5/2007 6:48:58 AM | Attr = HS]
jpewocmz.ini → %System32%\jpewocmz.ini → [Ver = | Size = 4 bytes | Modified Date = 11/4/2007 7:49:34 AM | Attr = ]
jrtwykgc.ini → %System32%\jrtwykgc.ini → [Ver = | Size = 572456 bytes | Modified Date = 10/31/2007 4:12:42 AM | Attr = HS]
mcrh.tmp → %System32%\mcrh.tmp → [Ver = | Size = 143 bytes | Modified Date = 10/23/2007 1:59:04 PM | Attr = ]
perfc009.dat → %System32%\perfc009.dat → [Ver = | Size = 53436 bytes | Modified Date = 11/4/2007 11:48:18 AM | Attr = ]
perfh009.dat → %System32%\perfh009.dat → [Ver = | Size = 381692 bytes | Modified Date = 11/4/2007 11:48:18 AM | Attr = ]
PerfStringBackup.INI → %System32%\PerfStringBackup.INI → [Ver = | Size = 441626 bytes | Modified Date = 11/4/2007 11:48:18 AM | Attr = ]
Restore → %System32%\Restore → [Folder | Modified Date = 11/6/2007 12:13:40 AM | Attr = ]
rqtss.ini → %System32%\rqtss.ini → [Ver = | Size = 6668 bytes | Modified Date = 11/5/2007 4:49:44 AM | Attr = HS]
sznf.ascii → %System32%\sznf.ascii → [Ver = | Size = 92 bytes | Modified Date = 11/4/2007 7:49:44 AM | Attr = ]
tmp.reg → %System32%\tmp.reg → [Ver = | Size = 6238 bytes | Modified Date = 11/4/2007 12:10:50 PM | Attr = ]
uonalcrh.ini → %System32%\uonalcrh.ini → [Ver = | Size = 584613 bytes | Modified Date = 11/1/2007 3:41:52 AM | Attr = HS]
wbem → %System32%\wbem → [Folder | Modified Date = 11/5/2007 4:01:42 PM | Attr = ]
wpa.dbl → %System32%\wpa.dbl → [Ver = | Size = 1158 bytes | Modified Date = 11/6/2007 8:14:52 AM | Attr = ]
wxqghjia.ini → %System32%\wxqghjia.ini → [Ver = | Size = 354 bytes | Modified Date = 10/26/2007 12:42:14 AM | Attr = HS]
xbbewnmx.ini → %System32%\xbbewnmx.ini → [Ver = | Size = 479294 bytes | Modified Date = 10/27/2007 6:09:24 AM | Attr = HS]
cmdmon.sys → %System32%\drivers\cmdmon.sys → Comodo Research Lab., Inc. [Ver = 2.3.035 built by: WinDDK | Size = 75520 bytes | Modified Date = 11/5/2007 8:29:48 AM | Attr = ]
etc → %System32%\drivers\etc → [Folder | Modified Date = 11/4/2007 9:11:16 PM | Attr = ]
inspect.sys → %System32%\drivers\inspect.sys → COMODO [Ver = 2, 0, 0, 1 | Size = 51328 bytes | Modified Date = 11/5/2007 8:29:48 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
WSUD , → %System32%\ALSNDMGR.CPL → Realtek Semiconductor Corp. [Ver = 2.2.0.34 | Size = 16121856 bytes | Modified Date = 9/20/2004 9:20:44 PM | Attr = ]
UPX! , UPX0 , → %System32%\asw51.tmp → [Ver = 4, 6, 763, 0 | Size = 503296 bytes | Modified Date = 1/27/2006 2:38:10 PM | Attr = ]
UPX! , UPX0 , → %System32%\aswBoot.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Modified Date = 9/6/2007 2:09:50 AM | Attr = ]
PEC2 , → %System32%\dfrg.msc → [Ver = | Size = 41397 bytes | Modified Date = 8/4/2004 10:00:00 AM | Attr = ]
Thawte Consulting , → %System32%\SmartUI2.ocx → Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.6553 | Size = 870152 bytes | Modified Date = 3/15/2007 11:22:38 AM | Attr = ]
UPX! , UPX0 , → %System32%\SrchSTS.exe → S!Ri [Ver = | Size = 288417 bytes | Modified Date = 4/27/2006 4:49:30 PM | Attr = ]
UPX! , UPX0 , → %System32%\swreg.exe → SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 7/22/2007 6:39:28 PM | Attr = ]
UPX! , UPX0 , → %System32%\VCCLSID.exe → S!Ri [Ver = | Size = 289144 bytes | Modified Date = 9/5/2007 11:22:24 PM | Attr = ]
winsync , → %System32%\wbdbase.deu → [Ver = | Size = 1309184 bytes | Modified Date = 8/3/2004 8:00:00 PM | Attr = ]
UPX! , UPX0 , → %System32%\WS2Fix.exe → [Ver = | Size = 25600 bytes | Modified Date = 10/3/2007 11:36:46 PM | Attr = ]
Thawte Consulting , → %System32%\XceedCry.dll → Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.6461.0 | Size = 526184 bytes | Modified Date = 3/15/2007 11:19:58 AM | Attr = ]
Thawte Consulting , → %System32%\XceedZip.dll → Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 6.0.6621.0 | Size = 497496 bytes | Modified Date = 3/15/2007 11:23:16 AM | Attr = ]

< End of report >

Here’s the fix I’ve prepared from the WinPFind log. Let oldman take a look before running it.

Note to oldman: I’m ending our behind-the-scenes debate about tmp.reg with this fix, in that I’ve included it in the deletions. If you would rather investigate further it can be removed (i.e. kept/not deleted). My only hesitation is a curiosity to see its contents, which could point to the workings of some of the malware.

To use the fix start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says “Paste fix here” and then click the Run Fix button. Please note there are duplicates so the results will show some “File Not Found”, especially in the second half.

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information in your next response with a fresh WinPFind log.

Also let me know of any problems you encounter performing these steps or any continuing problems you are having with the computer.

Also please upload these two files to Virus Total and post the results:

c:\windows\system32\din.ip
c:\windows\system32\process.exe

Edit: If you see Absolute Key Logger in your Add/Remove Programs please uninstall it.

Good work with Avenger, guys, and yes, all files will be backed up in either the OTmoveit folder or the Qoobox folder. Process.exe is used by ComboFix. din.ip is part of a reverse DNS file; I don’t think Susie will need that. Taking out the ini files is good, as they would make a re-infection easier if they remained. Actual infections were Virtumondo, a couple of Trojan droppers and a bit of smitfraud. I believe it was the Vundo that changed the auth package, very sneaky. tmp.reg is sometimes legitimate and sometimes not; there is no definitive way to tell, so as a matter of course I usually delete them, and if they are legitimate the programme that uses it will rebuild it. The confusion about the 02’s with DSS is that sometimes it will take data from an old scan; if that appears to be happening then just delete the logs in the DSS folder and run again.
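For anyone reading this thread later, here is an added example (my own code, not part of WinPFind, ComboFix or anything posted in this thread) that parses rows in the WinPFind log format shown above and flags the kind of entry discussed in the post above: randomly named .ini files sitting directly in System32, particularly ones carrying hidden+system attributes with no vendor string. The sample rows are copied from the log above; the "random name" pattern (5 to 8 lowercase letters) is an assumption drawn from those rows, not a rule WinPFind itself applies, and the flags are a triage aid, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: a few rows copied from the WinPFind log above
# plus clean entries, so both harmless and suspicious rows are present.
SAMPLE_LOG = r"""
[Files/Folders - Created Within 30 days]
avenger → %SystemDrive%\avenger → [Folder | Created Date = 11/5/2007 11:44:55 PM | Attr = ]
bygwdcie.ini → %System32%\bygwdcie.ini → [Ver = | Size = 693628 bytes | Created Date = 10/22/2007 6:39:41 PM | Attr = HS]
gjjlm.ini → %System32%\gjjlm.ini → [Ver = | Size = 412673 bytes | Created Date = 11/5/2007 4:56:32 AM | Attr = HS]
java.exe → %System32%\java.exe → Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/3/2007 9:20:18 PM | Attr = ]
PerfStringBackup.INI → %System32%\PerfStringBackup.INI → [Ver = | Size = 441626 bytes | Modified Date = 11/4/2007 11:48:18 AM | Attr = ]
jpewocmz.ini → %System32%\jpewocmz.ini → [Ver = | Size = 4 bytes | Created Date = 11/4/2007 7:49:32 AM | Attr = ]
cmdmon.sys → %System32%\drivers\cmdmon.sys → Comodo Research Lab., Inc. [Ver = 2.3.035 built by: WinDDK | Size = 75520 bytes | Created Date = 11/5/2007 8:29:47 AM | Attr = ]
"""

# One WinPFind row: "<name> → <path> → <vendor> [<key> = <value> | ...]"
LINE_RE = re.compile(r"^(?P<name>.+?) → (?P<path>.+?) → (?P<vendor>.*?)\[(?P<fields>.*)\]$")

# Assumed pattern: the Vundo-era droppers in the log above left .ini files
# named with 5-8 lowercase letters directly in System32.
RANDOM_INI_RE = re.compile(r"^[a-z]{5,8}\.ini$")


@dataclass
class Entry:
    name: str
    path: str
    vendor: str
    is_folder: bool
    size: Optional[int]
    attr: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log row; return None for headers, blank lines and the trailer."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    is_folder = False
    fields = {}
    for part in m.group("fields").split(" | "):
        if part.strip() == "Folder":
            is_folder = True
            continue
        key, _, value = part.partition("=")   # "Ver =" (empty) and "Attr = HS" both work
        fields[key.strip()] = value.strip()
    size = None
    if fields.get("Size"):
        size = int(fields["Size"].split()[0])  # "693628 bytes" -> 693628
    return Entry(m.group("name"), m.group("path"), m.group("vendor").strip(),
                 is_folder, size, fields.get("Attr", ""))


def suspicious_reasons(e: Entry) -> list:
    """Heuristics applied only to files directly in System32 (not subfolders)."""
    reasons = []
    parent, _, base = e.path.rpartition("\\")
    if e.is_folder or parent.lower() != "%system32%":
        return reasons
    if RANDOM_INI_RE.match(base):
        reasons.append("random-name-ini")
    # Hidden + system attributes on an unsigned, vendor-less file are unusual here
    if "H" in e.attr and "S" in e.attr and not e.vendor:
        reasons.append("hidden+system-no-vendor")
    return reasons


def scan_log(text: str) -> dict:
    """Map each flagged file name to the list of reasons it was flagged."""
    flagged = {}
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = suspicious_reasons(e)
        if reasons:
            flagged[e.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in scan_log(SAMPLE_LOG).items():
        print(f"{name:24s} {', '.join(reasons)}")
```

Run it against a saved WinPFind log by passing the file contents to scan_log(); the entries it flags are the ones to look at first, and the "hidden+system-no-vendor" reason on its own is weaker evidence than the name pattern, since legitimate files such as hiberfil.sys also carry HS (which is why the check is restricted to the System32 root).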

@mauserme and essexboy

Do you think it worthwhile or possible to gain anything from the tmp.reg? Either way I’m okay, in light of the fact that the file will be rebuilt if needed.

Might be worth zipping it and uploading it here, I can then download it open it up and see what it is

As in attaching it to a post?

I think I saw a backdoor in there too …

EDIT:

@Essexboy

The file information for process.exe is

Process.exe → %System32%\Process.exe → http://www (dot) beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 11/4/2007 12:09:59 PM | Attr = ]

The beyondlogic.org reference seems related to smitfraud …