nic's problem 

oldman960 · 2008-01-03T13:26:51.000Z

Yes, it’s a deeper scan that should reveal the problem.

system · 2008-01-03T16:38:46.000Z

Hi “Nic” :

  Just a side Note : your Sun Java program is WAY-out-of-date and a very
  serious security risk ; should uninstall ALL versions of this program.
  The latest version is available at www.java.com .

   And there is recent news of a serious Vulnerability discovered in "Real
   Player" ; not sure if it is currently "patchable" !? Perhaps you should
   consider an "alternative" & many of us here recommend "RealAlternate" .

system · 2008-01-03T17:25:33.000Z

Thank You Essexboy,Oldman,and Spiritsong for all of your help.
This is the log from WinPFind3U in several parts since it doesn’t fit:

WinPFind3 logfile created on: 1/4/2008 10:11:40 AM
WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind3u
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

503.48 Mb Total Physical Memory | 267.28 Mb Available Physical Memory | 53.09% Memory free
1.20 Gb Paging File | 0.98 Gb Available in Paging File | 81.66% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

Computer Name: YOUR-46E94OWX6A
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - Non-Microsoft Only]
ashdisp.exe → %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe → ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 6:00:24 AM | Attr = ]
ashmaisv.exe → %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe → ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 5:59:54 AM | Attr = ]
ashserv.exe → %ProgramFiles%\Alwil Software\Avast4\ashServ.exe → ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 6:00:16 AM | Attr = ]
ashwebsv.exe → %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe → ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 5:59:02 AM | Attr = ]
aswupdsv.exe → %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe → ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 7:36:34 AM | Attr = ]
brmfrmps.exe → %System32%\Brmfrmps.exe → Brother Industries, Ltd. [Ver = 1.10.10.144 | Size = 65536 bytes | Modified Date = 5/5/2003 6:30:22 PM | Attr = ]
brss01a.exe → %System32%\brss01a.exe → brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Modified Date = 12/12/2001 11:01:00 PM | Attr = ]
brsvc01a.exe → %System32%\brsvc01a.exe → brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 4/11/2002 11:00:00 PM | Attr = ]
ipodservice.exe → %ProgramFiles%\iPod\bin\iPodService.exe → Apple Computer, Inc. [Ver = 6.0.1.3 | Size = 323584 bytes | Modified Date = 10/18/2005 11:58:40 AM | Attr = ]
ituneshelper.exe → %ProgramFiles%\iTunes\iTunesHelper.exe → Apple Computer, Inc. [Ver = 6.0.1.3 | Size = 278528 bytes | Modified Date = 10/18/2005 11:58:54 AM | Attr = ]
mysurveymessenger.exe → %ProgramFiles%\MySurvey Messenger\MySurveyMessenger.exe → [Ver = 1, 0, 0, 1 | Size = 651264 bytes | Modified Date = 7/2/2007 2:46:10 PM | Attr = ]
pptd40nt.exe → %ProgramFiles%\ScanSoft\PaperPort\pptd40nt.exe → ScanSoft, Inc. [Ver = 9.0 | Size = 57393 bytes | Modified Date = 4/14/2004 1:46:50 PM | Attr = ]
realsched.exe → %CommonProgramFiles%\Real\Update_OB\realsched.exe → RealNetworks, Inc. [Ver = 0.1.0.4081 | Size = 185632 bytes | Modified Date = 8/2/2007 5:49:04 AM | Attr = ]
searchprotection.exe → %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe → Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 6/8/2007 7:59:38 AM | Attr = ]
sonytray.exe → %ProgramFiles%\Sony Corporation\Image Transfer\SonyTray.exe → [Ver = | Size = 73728 bytes | Modified Date = 10/16/2002 7:20:20 PM | Attr = ]
tgcmd.exe → %ProgramFiles%\Support.com\bin\tgcmd.exe → Qwest [Ver = 5,5,726,0 | Size = 1851392 bytes | Modified Date = 11/18/2005 10:33:00 PM | Attr = R ]
winpfind3u.exe → %UserDesktop%\WinPFind3u\WinPFind3U.exe → OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr = ]

system · 2008-01-03T17:28:43.000Z

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] → %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe → ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 7:36:34 AM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] → %ProgramFiles%\Alwil Software\Avast4\ashServ.exe → ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 6:00:16 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] → %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe → ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 5:59:54 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] → %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe → ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 5:59:02 AM | Attr = ]
(brmfrmps) Brother Popup Suspend service for Resource manager [Win32_Own | Auto | Running] → %System32%\Brmfrmps.exe → Brother Industries, Ltd. [Ver = 1.10.10.144 | Size = 65536 bytes | Modified Date = 5/5/2003 6:30:22 PM | Attr = ]
(Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] → %System32%\brsvc01a.exe → brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 4/11/2002 11:00:00 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] → %System32%\dmadmin.exe → Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] → %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe → Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Running] → %ProgramFiles%\iPod\bin\iPodService.exe → Apple Computer, Inc. [Ver = 6.0.1.3 | Size = 323584 bytes | Modified Date = 10/18/2005 11:58:40 AM | Attr = ]
(SymWSC) SymWMI Service [Win32_Own | Auto | Stopped] → %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe → Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 7:59:50 PM | Attr = ]

system · 2008-01-03T17:29:41.000Z

[Registry - Non-Microsoft Only]
< Run [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run →
Adobe Reader Speed Launcher → %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe → Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 5/11/2007 2:06:32 AM | Attr = ]
avast! → %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe → ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 6:00:24 AM | Attr = ]
ControlCenter2.0 → %ProgramFiles%\Brother\ControlCenter2\brctrcen.exe → Brother Industries, Ltd. [Ver = 2, 0, 8, 0 | Size = 851968 bytes | Modified Date = 7/20/2004 8:34:28 AM | Attr = ]
IndexSearch → %ProgramFiles%\ScanSoft\PaperPort\IndexSearch.exe → ScanSoft, Inc. [Ver = 9.0 | Size = 40960 bytes | Modified Date = 4/14/2004 2:04:12 PM | Attr = ]
iTunesHelper → %ProgramFiles%\iTunes\iTunesHelper.exe → Apple Computer, Inc. [Ver = 6.0.1.3 | Size = 278528 bytes | Modified Date = 10/18/2005 11:58:54 AM | Attr = ]
NoteBurner → %ProgramFiles%\NoteBurner\VTBurnerGUI.exe → File not found
PaperPort PTD → %ProgramFiles%\ScanSoft\PaperPort\pptd40nt.exe → ScanSoft, Inc. [Ver = 9.0 | Size = 57393 bytes | Modified Date = 4/14/2004 1:46:50 PM | Attr = ]
QuickTime Task → %ProgramFiles%\QuickTime\qttask.exe → Apple Computer, Inc. [Ver = 7.0.3 | Size = 155648 bytes | Modified Date = 11/16/2005 11:31:26 PM | Attr = ]
SetDefPrt → %ProgramFiles%\Brother\Brmfl04a\BrStDvPt.exe → Brother Industories, Ltd. [Ver = 1, 0, 0, 3 | Size = 49152 bytes | Modified Date = 5/25/2004 8:16:56 AM | Attr = ]
SSBkgdUpdate → %CommonProgramFiles%\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe → Scansoft, Inc. [Ver = 1, 0, 0, 6 | Size = 155648 bytes | Modified Date = 10/14/2003 9:22:30 AM | Attr = R ]
tgcmd → %ProgramFiles%\Support.com\bin\tgcmd.exe → Qwest [Ver = 5,5,726,0 | Size = 1851392 bytes | Modified Date = 11/18/2005 10:33:00 PM | Attr = R ]
TkBellExe → %CommonProgramFiles%\Real\Update_OB\realsched.exe → RealNetworks, Inc. [Ver = 0.1.0.4081 | Size = 185632 bytes | Modified Date = 8/2/2007 5:49:04 AM | Attr = ]
YSearchProtection → %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe → Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 6/8/2007 7:59:38 AM | Attr = ]
< OptionalComponents [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ →
IMAIL → Installed = 1 →
MAPI → Installed = 1 →
MSFS → Installed = 1 →
< Run [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run →
BackupNotify → %ProgramFiles%\HP\Digital Imaging\bin\backupnotify.exe → Hewlett-Packard Company [Ver = 2004.01.08.0 | Size = 32768 bytes | Modified Date = 1/9/2004 1:34:10 AM | Attr = ]
YSearchProtection → %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe → Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 6/8/2007 7:59:38 AM | Attr = ]
< Common Startup > → C:\Documents and Settings\All Users\Start Menu\Programs\Startup →
%AllUsersStartup%\Image Transfer.lnk → %ProgramFiles%\Sony Corporation\Image Transfer\SonyTray.exe → [Ver = | Size = 73728 bytes | Modified Date = 10/16/2002 7:20:20 PM | Attr = ]
%AllUsersStartup%\Status Monitor.lnk → %ProgramFiles%\Brother\Brmfcmon\BrMfcWnd.exe → Brother Industries, Ltd. [Ver = 1, 0, 5, 4 | Size = 819200 bytes | Modified Date = 3/26/2004 6:30:12 PM | Attr = ]
< User Startup > → C:\Documents and Settings\Owner\Start Menu\Programs\Startup →
%UserStartup%\MySurvey Messenger.lnk → %ProgramFiles%\MySurvey Messenger\MySurveyMessenger.exe → [Ver = 1, 0, 0, 1 | Size = 651264 bytes | Modified Date = 7/2/2007 2:46:10 PM | Attr = ]
< SecurityProviders [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders →
< Winlogon settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon →
< Winlogon settings [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon →
< Winlogon\Notify settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ →
igfxcui → %System32%\igfxsrvc.dll → Intel Corporation [Ver = 3.0.0.3889 | Size = 344064 bytes | Modified Date = 8/20/2004 6:50:54 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveAutoRun → 67108863 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun → 255 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} → 1073741857 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1} → 32 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\dontdisplaylastusername → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\legalnoticecaption → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\legalnoticetext → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\shutdownwithoutlogon → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\undockwithoutlogon → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ → →

system · 2008-01-03T17:30:32.000Z

< CurrentVersion Policy Settings [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun → 0 →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ → →
< HOSTS File > (27 bytes) → C:\WINDOWS\System32\drivers\etc\Hosts →
127.0.0.1 localhost → →
< Internet Explorer Settings > → →
HKLM: Default_Page_URL → http://go.microsoft.com/fwlink/?LinkId=69157 →
HKLM: Main\Default_Search_URL → http://go.microsoft.com/fwlink/?LinkId=54896 →
HKLM: Local Page → %SystemRoot%\system32\blank.htm →
HKLM: Search Bar → http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop →
HKLM: Search Page → http://go.microsoft.com/fwlink/?LinkId=54896 →
HKLM: Start Page → http://www.yahoo.com →
HKLM: CustomizeSearch → http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm →
HKLM: SearchAssistant → http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm →
HKCU: Default_Search_URL → http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop →
HKCU: Local Page → C:\WINDOWS\System32\blank.htm →
HKCU: Search Page → http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch →
HKCU: Start Page → http://www.yahoo.com →
HKCU: URLSearchHooks\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] → %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] → Yahoo! Inc. [Ver = 2007, 8, 22, 1 | Size = 816912 bytes | Modified Date = 8/22/2007 6:30:18 PM | Attr = ]
HKCU: ProxyEnable → 0 →
HKCU: ProxyOverride → localhost →

system · 2008-01-03T17:32:40.000Z

< Trusted Sites > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ →
msn.com [ - ] → →
< BHO’s > → HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ →
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] → %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [&Yahoo! Toolbar Helper] → Yahoo! Inc. [Ver = 2007, 8, 22, 1 | Size = 816912 bytes | Modified Date = 8/22/2007 6:30:18 PM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] → %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] → Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr = ]
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] → %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] → RealPlayer [Ver = 1.0.0.333 | Size = 279928 bytes | Modified Date = 8/2/2007 5:49:18 AM | Attr = ]
< Internet Explorer Bars [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ →
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
< Internet Explorer ToolBars [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar →
[HKLM] → Reg Data - Key not found [Reg Data - Value does not exist] → File not found
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] → %ProgramFiles%\HP\digital imaging\bin\hpdtlk02.dll [HP view] → Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 12:26:26 PM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] → %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] → Yahoo! Inc. [Ver = 2007, 8, 22, 1 | Size = 816912 bytes | Modified Date = 8/22/2007 6:30:18 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ →
ShellBrowser\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] → %ProgramFiles%\HP\digital imaging\bin\hpdtlk02.dll [HP view] → Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 12:26:26 PM | Attr = ]
WebBrowser\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
WebBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
WebBrowser\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] → %ProgramFiles%\HP\digital imaging\bin\hpdtlk02.dll [HP view] → Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 12:26:26 PM | Attr = ]
WebBrowser\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] → %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] → Yahoo! Inc. [Ver = 2007, 8, 22, 1 | Size = 816912 bytes | Modified Date = 8/22/2007 6:30:18 PM | Attr = ]

system · 2008-01-03T17:33:16.000Z

< Internet Explorer Extensions [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ →
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] → Reg Data - Key not found [MenuText: Sun Java Console] → File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} → Reg Data - Value does not exist [ButtonText: Research] → File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] → Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] → File not found
< Internet Explorer Menu Extensions [HKCU] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ →
E&xport to Microsoft Excel → → File not found
< User Agent Post Platform [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform →
SV1 → →
< DNS Name Servers [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ →
{5AEF64FB-479F-4850-91ED-1EF99CD75A23} → (Realtek RTL8139/810x Family Fast Ethernet NIC) →
{6CC8F273-D1F2-4348-8C35-03DBC855E913} → () →
{AF7B24A7-C28D-442D-A270-8E74B216D4B2} → (SMC EZ Connect USB/Ethernet Series Converter) →
{F74557C2-F377-48F8-A9F9-B72B58E7E9C3} → (NETGEAR WG311v2 802.11g Wireless PCI Adapter) →
< Protocol Handlers [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ →
cetihpz → %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll → Hewlett-Packard Company [Ver = 2.1.4 | Size = 81920 bytes | Modified Date = 12/22/2003 3:38:40 PM | Attr = ]
ipp → Reg Data - Key not found → File not found
msdaipp → Reg Data - Key not found → File not found
< Downloaded Program Files > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ →
{193C772A-87BE-4B19-A7BB-445B226FE9A1} → ewidoOnlineScan Control - CodeBase = http://downloads.ewido.net/ewidoOnlineScan.cab →
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} → YInstStarter Class - CodeBase = http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab →
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} → - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab →
{A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} → InetDownload Class - CodeBase = https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab →
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} → Get_ActiveX Control - CodeBase = https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx →

system · 2008-01-03T17:36:02.000Z

[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\DefaultLaunchPermission →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\EnableDCOM → Y →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MachineLaunchRestriction →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MachineAccessRestriction →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\{A50398B8-9075-4FBF-A7A1-456BF21937AD} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\{AD65A69D-3831-40D7-9629-9B0B50A93843} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\{0040D221-54A1-11D1-9DE0-006097042D69} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\System.EnterpriseServices.Thunk.dll → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ → →

system · 2008-01-03T17:37:55.000Z

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate not found. → →
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages → msv1_0; →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Bounds →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages → kerberos;msv1_0;schannel;wdigest; →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LsaPid → 560 →

system · 2008-01-03T17:38:34.000Z

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SecureBoot → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\auditbaseobjects → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\crashonauditfail → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\disabledomaincreds → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\everyoneincludesanonymous → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\forceguest → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fullprivilegeauditing →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\limitblankpassworduse → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\lmcompatibilitylevel → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\nodefaultadminowner → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\nolmhash → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymoussam → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages → scecli; →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ImpersonatePrivilegeUpgradeToolHasRun → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\enabledcom → y →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ProviderOrder → Windows NT Access Provider; →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ProviderPath → %SystemRoot%\system32\ntmarta.dll →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ → →

system · 2008-01-03T17:39:23.000Z

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\Pattern → ÑD»óä“Â/ò½PR4ýÝ82132fde
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\GrafBlumGroup → “Ÿ.®÷¹
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\Lookup → ð1}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ntlmminclientsec → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ntlmminserversec → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\SkewMatrix → A”qçP¢Äüa˜Î¡¨w#b →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\SSOURL → http://www.passport.com →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\Time → þ¡€ÐÅ →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\Name → Digest →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\Comment → Digest SSPI Authentication Package →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\Capabilities → 164

system · 2008-01-03T17:40:06.000Z

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\RpcId → 65535 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\Version → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\TokenSize → 65535 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\Time →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\Type → 49 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\Name → DPA →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\Comment → DPA Security Package →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\Capabilities → 55 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\RpcId → 17 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\Version → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\TokenSize → 768 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\Time →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\Type → 49 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\Name → MSN →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\Comment → MSN Security Package →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\Capabilities → 55 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\RpcId → 18 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\Version → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\TokenSize → 768 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\Time → €oã”øyÄ →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\Type → 49 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Type → 32 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start → 2 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ErrorControl → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ImagePath → %SystemRoot%\System32\svchost.exe -k netsvcs →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\DisplayName → Windows Firewall/Internet Connection Sharing (ICS) →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\DependOnService → Netman;WinMgmt; →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\DependOnGroup → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ObjectName → LocalSystem →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Description → Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ → →

system · 2008-01-03T17:42:25.000Z

11490

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ServiceDll → %SystemRoot%\System32\ipnathlp.dll →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\139:TCP → 139:TCP::Enabled:@xpsp2res.dll,-22004 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\445:TCP → 445:TCP::Enabled:@xpsp2res.dll,-22005 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\137:UDP → 137:UDP::Enabled:@xpsp2res.dll,-22001 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\138:UDP → 138:UDP::Enabled:@xpsp2res.dll,-22002 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\139:TCP → 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\445:TCP → 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\137:UDP → 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\138:UDP → 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\1900:UDP → 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\2869:TCP → 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 →

system · 2008-01-03T17:43:08.000Z

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\Security →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ServiceUpgrade → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\{5AEF64FB-479F-4850-91ED-1EF99CD75A23} → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\{D92B6F0E-77F4-4E32-AEEF-1AFCB53CDEBB} → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\All → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\0 → Root\LEGACY_SHAREDACCESS\0000 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\Count → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\NextInstance → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Type → 32 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Start → 2 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ErrorControl → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ImagePath → %systemroot%\system32\svchost.exe -k netsvcs →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\DisplayName → Automatic Updates →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ObjectName → LocalSystem →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Description → Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ServiceDll → C:\WINDOWS\system32\wuauserv.dll →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\Security →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\0 → Root\LEGACY_WUAUSERV\0000 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\Count → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\NextInstance → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry not found. → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr not found. → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ → →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable → 0 →

system · 2008-01-03T17:43:57.000Z

[Files/Folders - Created Within 30 days]
QooBox → %SystemDrive%\QooBox → [Folder | Created Date = 1/2/2008 2:09:37 PM | Attr = ]
$NtUninstallKB941568$ → %SystemRoot%$NtUninstallKB941568$ → [Folder | Created Date = 12/11/2007 7:18:41 PM | Attr = H ]
$NtUninstallKB941569$ → %SystemRoot%$NtUninstallKB941569$ → [Folder | Created Date = 12/11/2007 7:19:07 PM | Attr = H ]
$NtUninstallKB942615$ → %SystemRoot%$NtUninstallKB942615$ → [Folder | Created Date = 12/11/2007 7:18:28 PM | Attr = H ]
$NtUninstallKB942763$ → %SystemRoot%$NtUninstallKB942763$ → [Folder | Created Date = 12/11/2007 7:19:13 PM | Attr = H ]
$NtUninstallKB942840$ → %SystemRoot%$NtUninstallKB942840$ → [Folder | Created Date = 12/11/2007 7:20:22 PM | Attr = H ]
$NtUninstallKB944653$ → %SystemRoot%$NtUninstallKB944653$ → [Folder | Created Date = 12/11/2007 7:18:17 PM | Attr = H ]
$NtUninstallKB946627$ → %SystemRoot%$NtUninstallKB946627$ → [Folder | Created Date = 12/20/2007 8:21:17 PM | Attr = H ]
erdnt → %SystemRoot%\erdnt → [Folder | Created Date = 1/3/2008 2:15:03 PM | Attr = ]
NirCmd.exe → %SystemRoot%\NirCmd.exe → NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 1/2/2008 2:09:34 PM | Attr = ]
actskin4.ocx → %System32%\actskin4.ocx → [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 12/14/2007 9:29:53 AM | Attr = ]
aswBoot.exe → %System32%\aswBoot.exe → ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Created Date = 12/14/2007 9:29:53 AM | Attr = ]
AvastSS.scr → %System32%\AvastSS.scr → ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 95608 bytes | Created Date = 12/14/2007 9:30:00 AM | Attr = ]
swreg.exe → %System32%\swreg.exe → SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Created Date = 1/2/2008 2:09:34 PM | Attr = ]
swsc.exe → %System32%\swsc.exe → SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 1/2/2008 2:09:34 PM | Attr = ]
swxcacls.exe → %System32%\swxcacls.exe → SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 1/2/2008 2:09:34 PM | Attr = ]
VFind.exe → %System32%\VFind.exe → [Ver = | Size = 49152 bytes | Created Date = 1/2/2008 2:09:34 PM | Attr = ]
aavmker4.sys → %System32%\drivers\aavmker4.sys → ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Created Date = 12/14/2007 9:30:02 AM | Attr = ]
aswmon.sys → %System32%\drivers\aswmon.sys → ALWIL Software [Ver = 4.7.1098.0 | Size = 93264 bytes | Created Date = 12/14/2007 9:29:59 AM | Attr = ]
aswmon2.sys → %System32%\drivers\aswmon2.sys → ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Created Date = 12/14/2007 9:29:59 AM | Attr = ]
aswRdr.sys → %System32%\drivers\aswRdr.sys → ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Created Date = 12/14/2007 9:30:04 AM | Attr = ]
aswTdi.sys → %System32%\drivers\aswTdi.sys → ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Created Date = 12/14/2007 9:30:03 AM | Attr = ]

system · 2008-01-03T17:44:31.000Z

[Files/Folders - Modified Within 30 days]
Documents and Settings → %SystemDrive%\Documents and Settings → [Folder | Modified Date = 1/2/2008 1:39:20 PM | Attr = ]
hiberfil.sys → %SystemDrive%\hiberfil.sys → [Ver = | Size = 528011264 bytes | Modified Date = 1/4/2008 8:29:16 AM | Attr = HS]
Program Files → %ProgramFiles% → [Folder | Modified Date = 1/3/2008 2:30:52 PM | Attr = ]
QooBox → %SystemDrive%\QooBox → [Folder | Modified Date = 1/3/2008 2:21:42 PM | Attr = ]
System Volume Information → %SystemDrive%\System Volume Information → [Folder | Modified Date = 1/2/2008 2:09:40 PM | Attr = HS]
WINDOWS → %SystemRoot% → [Folder | Modified Date = 1/4/2008 8:29:30 AM | Attr = ]
$hf_mig$ → %SystemRoot%$hf_mig$ → [Folder | Modified Date = 12/20/2007 8:20:44 PM | Attr = H ]
$NtUninstallKB941568$ → %SystemRoot%$NtUninstallKB941568$ → [Folder | Modified Date = 12/11/2007 7:18:42 PM | Attr = H ]
$NtUninstallKB941569$ → %SystemRoot%$NtUninstallKB941569$ → [Folder | Modified Date = 12/11/2007 7:19:08 PM | Attr = H ]
$NtUninstallKB942615$ → %SystemRoot%$NtUninstallKB942615$ → [Folder | Modified Date = 12/11/2007 7:18:34 PM | Attr = H ]
$NtUninstallKB942763$ → %SystemRoot%$NtUninstallKB942763$ → [Folder | Modified Date = 12/11/2007 7:19:14 PM | Attr = H ]
$NtUninstallKB942840$ → %SystemRoot%$NtUninstallKB942840$ → [Folder | Modified Date = 12/11/2007 7:20:24 PM | Attr = H ]
$NtUninstallKB944653$ → %SystemRoot%$NtUninstallKB944653$ → [Folder | Modified Date = 12/11/2007 7:18:18 PM | Attr = H ]
$NtUninstallKB946627$ → %SystemRoot%$NtUninstallKB946627$ → [Folder | Modified Date = 12/20/2007 8:21:18 PM | Attr = H ]
bootstat.dat → %SystemRoot%\bootstat.dat → [Ver = | Size = 2048 bytes | Modified Date = 1/4/2008 8:29:18 AM | Attr = S]
Downloaded Program Files → %SystemRoot%\Downloaded Program Files → [Folder | Modified Date = 1/2/2008 9:43:26 AM | Attr = S]
erdnt → %SystemRoot%\erdnt → [Folder | Modified Date = 1/3/2008 2:15:04 PM | Attr = ]
Help → %SystemRoot%\Help → [Folder | Modified Date = 12/11/2007 2:34:22 PM | Attr = ]
imsins.BAK → %SystemRoot%\imsins.BAK → [Ver = | Size = 1393 bytes | Modified Date = 12/11/2007 7:20:26 PM | Attr = ]
inf → %SystemRoot%\inf → [Folder | Modified Date = 12/20/2007 8:21:26 PM | Attr = H ]
Prefetch → %SystemRoot%\Prefetch → [Folder | Modified Date = 1/4/2008 10:08:36 AM | Attr = ]
system.ini → %SystemRoot%\system.ini → [Ver = | Size = 227 bytes | Modified Date = 1/3/2008 2:17:14 PM | Attr = ]
system32 → %System32% → [Folder | Modified Date = 1/3/2008 2:16:42 PM | Attr = ]
Tasks → %SystemRoot%\Tasks → [Folder | Modified Date = 1/3/2008 2:14:44 PM | Attr = S]
Temp → %SystemRoot%\Temp → [Folder | Modified Date = 1/4/2008 8:30:06 AM | Attr = ]
win.ini → %SystemRoot%\win.ini → [Ver = | Size = 800 bytes | Modified Date = 1/2/2008 12:51:04 PM | Attr = ]
SA.DAT → %SystemRoot%\tasks\SA.DAT → [Ver = | Size = 6 bytes | Modified Date = 1/4/2008 8:29:22 AM | Attr = H ]
CatRoot2 → %System32%\CatRoot2 → [Folder | Modified Date = 1/2/2008 9:43:26 AM | Attr = ]
config → %System32%\config → [Folder | Modified Date = 1/3/2008 2:15:16 PM | Attr = ]
CONFIG.NT → %System32%\CONFIG.NT → [Ver = | Size = 2626 bytes | Modified Date = 12/14/2007 9:30:04 AM | Attr = ]
dllcache → %System32%\dllcache → [Folder | Modified Date = 12/11/2007 7:20:26 PM | Attr = RHS]
drivers → %System32%\drivers → [Folder | Modified Date = 1/3/2008 2:17:00 PM | Attr = ]
Restore → %System32%\Restore → [Folder | Modified Date = 1/2/2008 2:09:40 PM | Attr = ]
wpa.dbl → %System32%\wpa.dbl → [Ver = | Size = 1158 bytes | Modified Date = 1/4/2008 8:29:40 AM | Attr = ]
etc → %System32%\drivers\etc → [Folder | Modified Date = 1/3/2008 2:16:58 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
PEC2 , → %SystemDrive%\crash.txt → [Ver = | Size = 866536 bytes | Modified Date = 1/17/2005 11:09:28 PM | Attr = ]
PECompact2 , qoologic , SAHAgent , → %SystemRoot%\LPT$VPN.363 → [Ver = | Size = 12104615 bytes | Modified Date = 1/20/2005 12:35:56 PM | Attr = ]
UPX! , UPX0 , → %SystemRoot%\tsc.exe → Trend Micro Inc. [Ver = 3.9.0.1020 | Size = 170053 bytes | Modified Date = 1/20/2005 12:35:56 PM | Attr = ]
PECompact2 , qoologic , SAHAgent , → %SystemRoot%\VPTNFILE.363 → [Ver = | Size = 12104615 bytes | Modified Date = 1/20/2005 12:35:56 PM | Attr = ]
UPX! , aspack , → %SystemRoot%\vsapi32.dll → Trend Micro Inc. [Ver = 7.000-1004 | Size = 1036800 bytes | Modified Date = 1/20/2005 12:35:56 PM | Attr = ]
WSUD , → %System32%\ALSNDMGR.CPL → Realtek Semiconductor Corp. [Ver = 2.2.0.34 | Size = 16121856 bytes | Modified Date = 9/20/2004 6:20:44 PM | Attr = ]
UPX! , UPX0 , → %System32%\aswBoot.exe → ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Modified Date = 12/4/2007 6:04:28 AM | Attr = ]
PEC2 , → %System32%\dfrg.msc → [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
PTech , → %System32%\igfxhcsy.lhp → [Ver = | Size = 59914 bytes | Modified Date = 8/20/2004 6:56:24 PM | Attr = ]
Thawte Consulting , → %System32%\rmoc3260.dll → RealNetworks, Inc. [Ver = 6.0.9.2884 | Size = 185688 bytes | Modified Date = 8/2/2007 5:49:12 AM | Attr = ]
UPX! , UPX0 , → %System32%\swreg.exe → SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ]
UPX! , UPX0 , → %System32%\swsc.exe → SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ]
winsync , → %System32%\wbdbase.deu → [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
WSUD , UPX0 , → %System32%\dllcache\hwxjpn.dll → [Ver = | Size = 13463552 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
PTech , → %System32%\drivers\mtlstrm.sys → Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]

< End of report >

oldman960 · 2008-01-05T07:42:49.000Z

Hey Nic_1

Not seeing anything in there.

If you still are having problems I suggest an online scan at

http://www.eset.com/onlinescan/

system · 2008-01-05T13:30:59.000Z

Thank You Oldman…I’m not having any problems w/the trojan…apparently, the last deep scan took care of it when it allowed me to place it in the chest.
Also, many thanks to Essexboy.
Has anyone yet identified where/when and the type of trojan it is?

essexboy · 2008-01-05T17:32:09.000Z

My apologies for not replying earlier but I did not appear to receive my notification ???

Announcements