> Infected By Virusprotect
saika21
post Jan 14 2008, 11:22 AM
Post #1





Hi, I was recently infected by VirusProtect. I have had it removed and I am now posting my HijackThis log to see if there are any further problems. Any help is much appreciated. My HijackThis log is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19:33, on 14/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\sony\vaio update 2\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\O2\bin\sprtcmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Sony\vaio entertainment\VzTrayIcon.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Nazam Hussain\Desktop\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {BA0BACB5-FC95-451E-94D2-4959AB0949D2} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [face bin load show] C:\Documents and Settings\All Users\Application Data\title tool face bin\MAPI RDR.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [O2] "C:\Program Files\O2\bin\sprtcmd.exe" /P O2
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - HKCU\..\Run: [Meal Media] C:\DOCUME~1\NAZAMH~1\APPLIC~1\STYLES~1\rdr view meta.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus-1860] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\br4743on.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Recording Status.lnk = C:\Program Files\Sony\vaio entertainment\VzTrayIcon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11176 bytes
OldTimer
post Jan 23 2008, 03:15 PM
Post #2





Hello saika21 and welcome to the BC HijackThis forum. Let's look a little deeper and see what we find.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
      Reg - BotCheck
      Reg - Desktop Components
      Reg - Session Manager Settings
      Reg - Software Policy Settings
      File - Additional Folder Scans
  • Do not change any other settings.
  • Copy/paste the text in the codebox below into the input area named Manual File or Registry Key Scans
    CODE
    C:\Documents and Settings\All Users\Application Data\title tool face bin\*.* /s
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT


--------------------
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

saika21
post Jan 23 2008, 06:32 PM
Post #3





Hi. Thank you for replying. I've followed the above instructions and here's my log file I got:

WinPFind35 logfile created on: 23/01/2008 23:25:55
WinPFind35U Version Beta34 Folder = C:\Documents and Settings\Nazam Hussain\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)

510.79 Mb Total Physical Memory | 129.37 Mb Available Physical Memory | 25.33% Memory free
1.22 Gb Paging File | 0.72 Gb Available in Paging File | 59.26% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 9.79 Gb Free Space | 35.04% Space Free | Partition Type: NTFS
Drive D: | 197.95 Gb Total Space | 141.23 Gb Free Space | 71.34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: ANISHA
Current User Name: Nazam Hussain
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr = ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 05/01/2007 08:19:28 | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.53 | Size = 554616 bytes | Modified Date = 11/05/2007 16:03:52 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 12:31:10 | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr = ]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 15/04/2007 19:38:43 | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.6210 | Size = 114754 bytes | Modified Date = 07/07/2004 22:02:00 | Attr = ]
sprtsvc.exe -> %ProgramFiles%\O2\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 6.9.2224.0 | Size = 202280 bytes | Modified Date = 05/06/2007 08:25:50 | Attr = R ]
vzfw.exe -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 118877 bytes | Modified Date = 09/07/2004 04:26:54 | Attr = ]
vztaskscheduler.exe -> %ProgramFiles%\Sony\vaio entertainment\VzTaskScheduler.exe -> Sony Corporation [Ver = 1.1.00.07280 | Size = 401408 bytes | Modified Date = 28/07/2004 16:51:08 | Attr = ]
vzhardwareresourcemanager.exe -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 69632 bytes | Modified Date = 09/07/2004 04:19:04 | Attr = ]
vzrs.exe -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 118784 bytes | Modified Date = 09/07/2004 04:27:20 | Attr = ]
hkserv.exe -> %ProgramFiles%\Sony\HotKey Utility\HKServ.exe -> Sony Corporation [Ver = 4, 1, 1, 6290 | Size = 122880 bytes | Modified Date = 29/06/2004 21:49:34 | Attr = ]
vaioupdt.exe -> %ProgramFiles%\Sony\vaio update 2\VAIOUpdt.exe -> Sony Corporation [Ver = 2, 1, 2, 1140 | Size = 151552 bytes | Modified Date = 14/01/2005 12:43:28 | Attr = ]
avrmtctr.exe -> %ProgramFiles%\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe -> [Ver = 1.1.01.08050 | Size = 184320 bytes | Modified Date = 05/08/2004 15:23:34 | Attr = ]
pdservice.exe -> %ProgramFiles%\Utimaco\SafeGuard PrivateDisk\pdservice.exe -> Utimaco Safeware AG [Ver = 1.00.6.7 | Size = 40960 bytes | Modified Date = 06/07/2004 13:15:38 | Attr = R ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 03:00:36 | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 10/01/2007 05:59:52 | Attr = ]
hkwnd.exe -> %ProgramFiles%\Sony\HotKey Utility\HKWnd.exe -> Sony Corporation [Ver = 4, 1, 1, 6260 | Size = 389120 bytes | Modified Date = 26/06/2004 21:48:42 | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 13/09/2007 11:34:21 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 26/09/2007 13:42:04 | Attr = ]
sprtcmd.exe -> %ProgramFiles%\O2\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 6,9,2018,0 | Size = 198184 bytes | Modified Date = 08/03/2007 19:21:38 | Attr = ]
servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 06/11/2006 13:21:10 | Attr = ]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 6.0.0.2003073000 | Size = 217195 bytes | Modified Date = 30/07/2003 01:52:00 | Attr = ]
vztrayicon.exe -> %ProgramFiles%\Sony\vaio entertainment\VzTrayIcon.exe -> Sony Corporation [Ver = 1.1.00.07280 | Size = 208896 bytes | Modified Date = 28/07/2004 16:54:22 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 26/09/2007 13:41:56 | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1252232 bytes | Modified Date = 01/11/2007 23:48:46 | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 15/04/2007 19:38:47 | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307200 bytes | Modified Date = 23/01/2008 12:59:16 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.53 | Size = 554616 bytes | Modified Date = 11/05/2007 16:03:52 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 12:31:10 | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.2.0.28 | Size = 49248 bytes | Modified Date = 13/01/2007 03:40:58 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 15/04/2007 19:38:43 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 03/04/2005 23:41:10 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 26/09/2007 13:41:56 | Attr = ]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\isPwdSvc.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 80504 bytes | Modified Date = 14/01/2007 07:11:06 | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.53 | Size = 2983544 bytes | Modified Date = 11/05/2007 16:03:52 | Attr = ]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr = ]
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 12/03/2007 17:30:14 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.6210 | Size = 114754 bytes | Modified Date = 07/07/2004 22:02:00 | Attr = ]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 06/11/2006 13:21:10 | Attr = ]
(sprtsvc_O2) SupportSoft Sprocket Service (O2) [Win32_Own | Auto | Running] -> %ProgramFiles%\O2\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 6.9.2224.0 | Size = 202280 bytes | Modified Date = 05/06/2007 08:25:50 | Attr = R ]
(SupportSoft RemoteAssist) SupportSoft RemoteAssist [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SupportSoft\bin\ssrc.exe -> SupportSoft, Inc. [Ver = 6.9.2555.0 | Size = 382320 bytes | Modified Date = 27/07/2007 06:39:32 | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1252232 bytes | Modified Date = 01/11/2007 23:48:46 | Attr = ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 05/01/2007 08:19:28 | Attr = ]
(VAIO Entertainment Aggregation and Control Service) VAIO Entertainment Aggregation and Control Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 118784 bytes | Modified Date = 09/07/2004 04:27:20 | Attr = ]
(VAIO Entertainment File Import Service) VAIO Entertainment File Import Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 118877 bytes | Modified Date = 09/07/2004 04:26:54 | Attr = ]
(VAIO Entertainment Task Scheduler) VAIO Entertainment Task Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Sony\vaio entertainment\VzTaskScheduler.exe -> Sony Corporation [Ver = 1.1.00.07280 | Size = 401408 bytes | Modified Date = 28/07/2004 16:51:08 | Attr = ]
(VAIO Entertainment TV Device Arbitration Service) VAIO Entertainment TV Device Arbitration Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 69632 bytes | Modified Date = 09/07/2004 04:19:04 | Attr = ]
(VAIO Entertainment UPnP Client Adapter) VAIO Entertainment UPnP Client Adapter [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 278528 bytes | Modified Date = 09/07/2004 04:17:54 | Attr = ]
(VAIOMediaPlatform-IntegratedServer-AppServer) VAIO Media Integrated Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\VMISrv.exe -> Sony Corporation [Ver = 3.1.00.07090 | Size = 1826816 bytes | Modified Date = 09/07/2004 16:28:14 | Attr = ]
(VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -> Sony Corporation [Ver = 3.0.00.06160 | Size = 57344 bytes | Modified Date = 16/06/2004 02:42:34 | Attr = ]
(VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -> Sony Corporation [Ver = 6.0.00.06220 | Size = 733184 bytes | Modified Date = 22/06/2004 10:58:14 | Attr = ]
(VAIOMediaPlatform-Mobile-Gateway) VAIO Media Gateway Server [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -> Sony Corporation [Ver = 3.1.00.06160 | Size = 188416 bytes | Modified Date = 16/06/2004 02:41:06 | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 01/04/2002 14:15:00 | Attr = ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %System32%\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0002) built by: WinDDK | Size = 16512 bytes | Modified Date = 17/07/2002 01:05:10 | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 11000 bytes | Modified Date = 30/05/2007 12:10:42 | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 30/05/2007 12:10:42 | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(DgiVecp) Team MFP Comm Driver [Kernel | Auto | Stopped] -> %System32%\drivers\DGIVECP.SYS -> Samsung Electronics Co., Ltd. [Ver = 1.1.2.40 | Size = 41984 bytes | Modified Date = 11/08/2004 06:39:38 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
(DMICall) Sony DMI Call service [Kernel | System | Running] -> %System32%\drivers\DMICall.sys -> Sony Corporation [Ver = 1.0.01.12050 | Size = 3952 bytes | Modified Date = 05/12/2000 16:18:02 | Attr = R ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.2.0.100 | Size = 389432 bytes | Modified Date = 10/04/2007 08:00:00 | Attr = ]
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.2.0.100 | Size = 106808 bytes | Modified Date = 10/04/2007 08:00:00 | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 19/09/2006 13:44:04 | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.04.01 | Size = 197120 bytes | Modified Date = 14/10/2003 16:08:00 | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.04.01 | Size = 1043072 bytes | Modified Date = 14/10/2003 16:04:00 | Attr = ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(LEX_AS_NIC_SERVICE_YNOS) LAN-Express AS IEEE 802.11g Wireless Network Adapter Service [Kernel | On_Demand | Running] -> %System32%\drivers\ExpasAG.sys -> Atheros Communications, Inc. [Ver = 3.1.2.24 | Size = 392544 bytes | Modified Date = 05/08/2004 08:27:02 | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 09/04/2003 13:48:00 | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070526.023\NAVENG.SYS -> Symantec Corporation [Ver = 20071.2.0.18 | Size = 77688 bytes | Modified Date = 10/04/2007 08:00:00 | Attr = ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070526.023\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.2.0.18 | Size = 852824 bytes | Modified Date = 10/04/2007 08:00:00 | Attr = ]
(Nokia USB Generic) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdc.sys -> Nokia [Ver = 6.82.3.0 | Size = 9216 bytes | Modified Date = 10/10/2006 07:54:32 | Attr = ]
(Nokia USB Modem) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdcm.sys -> Nokia [Ver = 6.82.3.0 | Size = 12800 bytes | Modified Date = 10/10/2006 07:54:32 | Attr = ]
(Nokia USB Phone Parent) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcd.sys -> Nokia [Ver = 6.82.3.0 | Size = 138240 bytes | Modified Date = 10/10/2006 07:54:34 | Attr = ]
(Nokia USB Port) Nokia USB Port [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdcj.sys -> Nokia [Ver = 6.82.3.0 | Size = 12800 bytes | Modified Date = 10/10/2006 07:54:32 | Attr = ]
(nv) nv [Kernel | On_Demand | Running] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.6210 | Size = 2484352 bytes | Modified Date = 07/07/2004 22:02:00 | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(Pcouffin) Low level access layer for CD devices [Kernel | On_Demand | Running] -> %System32%\drivers\Pcouffin.sys -> VSO Software [Ver = 1.35 | Size = 47360 bytes | Modified Date = 07/01/2007 20:29:36 | Attr = ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(PrivateDisk) PrivateDisk [Kernel | System | Running] -> %System32%\drivers\privatediskm.sys -> Utimaco Safeware AG [Ver = 1.00.6.7 | Size = 45627 bytes | Modified Date = 06/07/2004 13:07:06 | Attr = R ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 18/04/2006 22:34:55 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(rtl8139) Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\R8139n51.sys -> Realtek Semiconductor Corporation [Ver = 5.504.613.2002 built by: WinDDK | Size = 45568 bytes | Modified Date = 13/06/2002 11:37:16 | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 10:25:53 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(smrt) Sony MPEG RealTime encoder board [Kernel | On_Demand | Running] -> %System32%\drivers\smrt.sys -> Sony Corporation [Ver = 1.2.04.07070 | Size = 774784 bytes | Modified Date = 07/07/2004 16:53:38 | Attr = ]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3860 | Size = 594048 bytes | Modified Date = 01/10/2003 14:48:24 | Attr = ]
(SNC) Sony Notebook Control Device [Kernel | On_Demand | Running] -> %System32%\drivers\SonyNC.sys -> Sony Corporation [Ver = 6.0.1.08290 | Size = 48896 bytes | Modified Date = 09/11/2000 19:15:08 | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 3.2.1.3 | Size = 417592 bytes | Modified Date = 01/02/2007 02:21:02 | Attr = ]
(SRTSP) SRTSP [File_System | On_Demand | Running] -> %System32%\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 279088 bytes | Modified Date = 30/11/2007 23:57:12 | Attr = ]
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> %System32%\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 317616 bytes | Modified Date = 30/11/2007 23:57:12 | Attr = ]
(SRTSPX) SRTSPX [Kernel | System | Running] -> %System32%\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 43696 bytes | Modified Date = 30/11/2007 23:57:12 | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %System32%\drivers\symdns.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 12848 bytes | Modified Date = 30/10/2007 19:55:14 | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 14/01/2008 14:52:44 | Attr = ]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %System32%\drivers\symfw.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 145968 bytes | Modified Date = 30/10/2007 19:55:20 | Attr = ]
(SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %System32%\drivers\symids.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 39856 bytes | Modified Date = 30/10/2007 19:55:28 | Attr = ]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070525.001\SymIDSCo.sys -> Symantec Corporation [Ver = 7.2.1.1 | Size = 185976 bytes | Modified Date = 14/02/2007 15:51:40 | Attr = ]
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %System32%\drivers\symndis.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 35120 bytes | Modified Date = 30/10/2007 19:55:24 | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %System32%\drivers\symredrv.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 27696 bytes | Modified Date = 30/10/2007 19:55:34 | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %System32%\drivers\symtdi.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 191536 bytes | Modified Date = 30/10/2007 19:55:38 | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(tifmsony) tifmsony [Kernel | On_Demand | Running] -> %System32%\drivers\tifmsony.sys -> Texas Instruments [Ver = 1.0.2.0 | Size = 65024 bytes | Modified Date = 21/05/2004 13:46:50 | Attr = ]
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.04.01 built by: WinDDK | Size = 679808 bytes | Modified Date = 14/10/2003 16:05:00 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 11/05/2007 02:06:32 | Attr = ]
Bron-Spizaetus -> -> File not found
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 10/01/2007 05:59:52 | Attr = ]
face bin load show -> %AllUsersAppData%\title tool face bin\MAPI RDR.exe -> [Ver = | Size = 511488 bytes | Modified Date = 23/01/2008 09:00:28 | Attr = ]
HKSERV.EXE -> %ProgramFiles%\Sony\HotKey Utility\HKServ.exe -> Sony Corporation [Ver = 4, 1, 1, 6290 | Size = 122880 bytes | Modified Date = 29/06/2004 21:49:34 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 26/09/2007 13:42:04 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.6210 | Size = 4136960 bytes | Modified Date = 07/07/2004 22:02:00 | Attr = ]
O2 -> %ProgramFiles%\O2\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 6,9,2018,0 | Size = 198184 bytes | Modified Date = 08/03/2007 19:21:38 | Attr = ]
osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 771704 bytes | Modified Date = 14/01/2007 07:11:10 | Attr = ]
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 82, 70, 2 | Size = 222720 bytes | Modified Date = 28/11/2006 13:12:12 | Attr = ]
PDService.exe -> %ProgramFiles%\Utimaco\SafeGuard PrivateDisk\pdservice.exe -> Utimaco Safeware AG [Ver = 1.00.6.7 | Size = 40960 bytes | Modified Date = 06/07/2004 13:15:38 | Attr = R ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 29/06/2007 05:24:52 | Attr = ]
Samsung Common SM -> %SystemRoot%\Samsung\ComSMMgr\ssmmgr.exe -> File not found
Samsung PanelMgr -> %SystemRoot%\Samsung\PanelMgr\SSMMgr.exe -> [Ver = 2, 5, 7, 0 | Size = 507904 bytes | Modified Date = 07/06/2006 11:25:14 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 03:00:36 | Attr = ]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 12/03/2007 17:30:14 | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 13/09/2007 11:34:21 | Attr = ]
VAIO Update 2 -> %ProgramFiles%\Sony\vaio update 2\VAIOUpdt.exe -> Sony Corporation [Ver = 2, 1, 2, 1140 | Size = 151552 bytes | Modified Date = 14/01/2005 12:43:28 | Attr = ]
VZRemoteCommander -> %ProgramFiles%\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe -> [Ver = 1.1.01.08050 | Size = 184320 bytes | Modified Date = 05/08/2004 15:23:34 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
AdobeUpdater -> %CommonProgramFiles%\Adobe\Updater5\AdobeUpdater.exe -> Adobe Systems Incorporated [Ver = 5, 1, 0, 1082 | Size = 2321600 bytes | Modified Date = 01/03/2007 09:37:52 | Attr = R ]
Meal Media -> %UserAppData%\STYLE SAVE\rdr view meta.exe -> [Ver = | Size = 528896 bytes | Modified Date = 25/08/2007 22:28:20 | Attr = ]
Sonic RecordNow! -> -> File not found
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 15/04/2007 19:38:47 | Attr = ]
Tok-Cirrhatus -> -> File not found
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Acrobat Assistant.lnk -> %ProgramFiles%\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 6.0.0.2003073000 | Size = 217195 bytes | Modified Date = 30/07/2003 01:52:00 | Attr = ]
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 06/08/2002 13:37:50 | Attr = ]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> File not found
%AllUsersStartup%\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.940.34809.beta | Size = 124912 bytes | Modified Date = 08/08/2007 16:14:52 | Attr = ]
%AllUsersStartup%\Recording Status.lnk -> %ProgramFiles%\Sony\vaio entertainment\VzTrayIcon.exe -> Sony Corporation [Ver = 1.1.00.07280 | Size = 208896 bytes | Modified Date = 28/07/2004 16:54:22 | Attr = ]
< Nazam Hussain Startup Folder > -> C:\Documents and Settings\Nazam Hussain\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 30/05/2007 12:29:58 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCMD -> 0 ->
< HOSTS File > (4102 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 83 domain(s) found. ->
sony-europe.com .[*] -> Trusted sites ->
sonystyle-europe.com .[*] -> Trusted sites ->
vaio-link.com .[*] -> Trusted sites ->
4 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 19 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 05/01/2006 12:30:40 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\NppBHO.dll [Reg Error: Value does not exist or could not be read.] -> Symantec Corporation [Ver = 2007.1.5.29 | Size = 96936 bytes | Modified Date = 12/01/2007 07:04:50 | Attr = R ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 03:00:35 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 615, 5858 | Size = 654832 bytes | Modified Date = 08/08/2007 16:14:56 | Attr = ]
{BA0BACB5-FC95-451E-94D2-4959AB0949D2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Video Add-on\isfmdl.dll [Reg Error: Value does not exist or could not be read.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R ]
{53E0B6E8-A51D-448B-B692-40B67B285543} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{90222687-F593-4738-B738-FBEE9C7B26DF} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2007.1.5.29 | Size = 607888 bytes | Modified Date = 12/01/2007 07:05:00 | Attr = R ]
{D0943516-5076-4020-A3B5-AEFAF26AB263} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [Veoh Browser Plug-in] -> Veoh Networks Inc [Ver = 1.0.1.6 | Size = 352256 bytes | Modified Date = 03/10/2007 16:21:58 | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 05/01/2006 12:30:40 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R ]
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 05/01/2006 12:30:40 | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 03:00:35 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 03:00:35 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 03:00:35 | Attr = ]
CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73C00} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73F01} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{300DB664-75B5-47c0-8B45-A44ACCF73C00} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{9034A523-D068-4BE8-A284-9DF278BE776E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0AD556B7-CE2B-426E-A401-F5D456FD8276} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{1335DBA4-071C-426E-9B58-955733A6F006} -> (Windows Mobile-based Device) ->
{2647C2CD-5992-467D-BFDC-838210AA5A62} -> (LAN-Express AS IEEE 802.11g miniPCI Adapter) ->
{55186764-8139-4AE9-9EE6-9C1B67CB2939} -> (1394 Net Adapter) ->
{67C386F0-A76E-4280-BCC6-20BEE05B999F} -> () ->
{BC963A18-731B-458B-B7A7-DC142A0D2D47} -> (1394 Net Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
mctp:{d7b95390-b1c5-11d0-b111-0080c712fe82} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft ActiveSync\aatp.dll[mctp: Asynchronous Pluggable Protocol Handler] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{193C772A-87BE-4B19-A7BB-445B226FE9A1}[HKEY_LOCAL_MACHINE] -> http://downloads.ewido.net/ewidoOnlineScan.cab[ewidoOnlineScan Control] ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab[Symantec AntiVirus scanner] ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab[Symantec RuFSI Utility Class] ->
{7B297BFD-85E4-4092-B2AF-16A91B2EA103}[HKEY_LOCAL_MACHINE] -> http://www3.ca.com/securityadvisor/virusinfo/webscan.cab[WScanCtl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl...indows-i586.cab[Java Plug-in 1.4.2_05] ->
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_07] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwa...ash/swflash.cab[Shockwave Flash Object] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 17:49:30 | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 14:21:15 | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 572 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http:\www.passport.com [http://www.passport.com] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 235188 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0\255.255 [26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\LEXPPS.EXE -> C:\WINDOWS\system32\LEXPPS.EXE [C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Nazam Hussain\Desktop\Wajid\utorrent.exe -> C:\Documents and Settings\Nazam Hussain\Desktop\Wajid\utorrent.exe [C:\Documents and Settings\Nazam Hussain\Desktop\Wajid\utorrent.exe:*:Enabled:µTorrent] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Wajid\Wajid1\utorrent.exe -> D:\Wajid\Wajid1\utorrent.exe [D:\Wajid\Wajid1\utorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 174163 bytes | Modified Date = 11/11/2006 14:54:10 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Wajid\utorrent.exe -> D:\Wajid\utorrent.exe [D:\Wajid\utorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 177152 bytes | Modified Date = 17/02/2007 14:44:21 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 13/10/2004 16:24:37 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Veoh Networks\Veoh\VeohClient.exe -> C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client] -> Veoh Networks [Ver = 3.5.1.1036 | Size = 3313664 bytes | Modified Date = 17/10/2007 00:29:50 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.4.3.1 | Size = 15997240 bytes | Modified Date = 26/09/2007 13:41:58 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\O2\bin\wificfg.exe -> C:\Program Files\O2\bin\wificfg.exe [C:\Program Files\O2\bin\wificfg.exe:*:Enabled:sprtcmd.exe] -> SupportSoft, Inc. [Ver = 6.9.2224.0 | Size = 136744 bytes | Modified Date = 20/06/2007 08:36:22 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\O2\agent\bin\bcont.exe -> C:\Program Files\O2\agent\bin\bcont.exe [C:\Program Files\O2\agent\bin\bcont.exe:*:Enabled:bcont.exe] -> SupportSoft, Inc. [Ver = 6.9.2258.0 | Size = 1000056 bytes | Modified Date = 06/08/2007 08:01:06 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -> C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe:*:Enabled:ssrc.exe] -> SupportSoft, Inc. [Ver = 6.9.2555.0 | Size = 382320 bytes | Modified Date = 27/07/2007 06:39:32 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\O2\agent\bin\bcont_nm.exe -> C:\Program Files\O2\agent\bin\bcont_nm.exe [C:\Program Files\O2\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe] -> SupportSoft, Inc. [Ver = 6.9.2258.0 | Size = 1278584 bytes | Modified Date = 20/07/2007 10:53:14 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0\255.255 [26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->
BootExecute -> autocheck autochk *; ->
ExcludeFromKnownDlls -> ->
*PendingFileRenameOperations* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\PendingFileRenameOperations ->
\??\C:\DOCUME~1\NAZAMH~1\LOCALS~1\Temp\symlcsv1.exe [\??\C:\DOCUME~1\NAZAMH~1\LOCALS~1\Temp\symlcsv1.exe] -> %LocalSettings%\Temp\symlcsv1.exe [%LocalSettings%\Temp\symlcsv1.exe] -> [Ver = | Size = 58760 bytes | Modified Date = 23/01/2008 09:01:30 | Attr = ]
*MultiFile Done* -> ->
< Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->
ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
TEMP -> %SystemRoot%\TEMP ->
TMP -> %SystemRoot%\TEMP ->
windir -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
C:\Program Files\PC Connectivity Solution\ -> %ProgramFiles%\PC Connectivity Solution -> [Folder | Modified Date = 23/06/2007 17:23:16 | Attr = ]
%SystemRoot%\system32 -> %System32% -> [Folder | Modified Date = 20/01/2008 21:07:36 | Attr = ]
%SystemRoot% -> %SystemRoot% -> [Folder | Modified Date = 20/01/2008 23:46:33 | Attr = ]
%SystemRoot%\System32\Wbem -> %System32%\wbem -> [Folder | Modified Date = 12/02/2007 19:09:07 | Attr = ]
C:\Program Files\Common Files\Teleca Shared -> -> File not found
C:\Program Files\QuickTime\QTSystem\ -> %ProgramFiles%\QuickTime\QTSystem -> [Folder | Modified Date = 08/10/2007 19:50:06 | Attr = ]
*MultiFile Done* -> ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM -> .COM -> File not found
.EXE -> .EXE -> File not found
.BAT -> .BAT -> File not found
.CMD -> .CMD -> File not found
.VBS -> .VBS -> File not found
.VBE -> .VBE -> File not found
.JS -> .JS -> File not found
.JSE -> .JSE -> File not found
.WSF -> .WSF -> File not found
.WSH -> .WSH -> File not found
*MultiFile Done* -> ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\\tWhiteList -> Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreen|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideToolbarEditing|ShowHideToolbarCommenting|ShowHideToolbarEdit|ShowHideToolbarFile|ShowHideToolbarFind|ShowHideToolbarForms|ShowHideToolbarMeasuring|ShowHideToolbarData|ShowHideToolbarPageDisplay|ShowHideToolbarNavigation|ShowHideToolbarPrintProduction|ShowHideToolbarRedaction|ShowHideToolbarBasicTools|ShowHideToolbarTasks|ShowHideToolbarTypewriter|PropertyToolbar|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForwardDoc|HelpUserGuide|HelpReader ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\\tBuiltInPermList -> version:1|.ade [version:1|.ade:3|.adp:3|.app:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\\tSchemePerms -> version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|m
ailto:2|file:1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\AllowLockdownMedia -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\AllowLockdownBrowse -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\\Enabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes ->
ADE -> -> File not found
ADP -> -> File not found
BAS -> -> File not found
BAT -> -> File not found
CHM -> -> File not found
CMD -> %System32%\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
COM -> -> File not found
CPL -> -> File not found
CRT -> -> File not found
EXE -> -> File not found
HLP -> -> File not found
HTA -> -> File not found
INF -> -> File not found
INS -> -> File not found
ISP -> -> File not found
LNK -> -> File not found
MDB -> -> File not found
MDE -> -> File not found
MSC -> -> File not found
MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 18/04/2007 16:12:23 | Attr = ]
MSP -> -> File not found
MST -> -> File not found
OCX -> -> File not found
PCD -> -> File not found
PIF -> -> File not found
REG -> %System32%\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
SCR -> -> File not found
SHS -> -> File not found
URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 37888 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
VB -> -> File not found
WSC -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize ->
̋ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize ->
ȅ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize ->
Ζ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize ->
å -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize ->
Ų -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Utimaco\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Utimaco\SafeGuard PrivateDisk\ -> ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->


[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535678976 bytes | Created Date = 14/01/2008 15:30:06 | Attr = HS]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 14/01/2008 15:19:03 | Attr = ]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 81920 bytes | Created Date = 14/01/2008 15:19:03 | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Created Date = 05/01/2008 15:36:36 | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 14/01/2008 15:19:03 | Attr = ]
VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 14/01/2008 15:19:03 | Attr = ]
WS2Fix.exe -> %System32%\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 14/01/2008 15:19:03 | Attr = ]
{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini -> %SystemRoot%\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini -> [Ver = | Size = 728 bytes | Created Date = 20/01/2008 23:46:06 | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Created Date = 14/01/2008 14:35:51 | Attr = ]
@Alternate Data Stream - 119 bytes -> %AllUsersAppData%\TEMP:18B7103A
01 - Jennifer Lopez - Love Dont Cost A Thing.mp3 -> %UserDesktop%\01 - Jennifer Lopez - Love Dont Cost A Thing.mp3 -> [Ver = | Size = 6224000 bytes | Created Date = 21/01/2008 21:51:26 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\01 - Jennifer Lopez - Love Dont Cost A Thing.mp3:Zone.Identifier
fcuk.wps -> %UserDesktop%\fcuk.wps -> [Ver = | Size = 12800 bytes | Created Date = 28/12/2007 15:38:34 | Attr = ]
HijackThis.exe -> %UserDesktop%\HijackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 14/01/2008 16:16:33 | Attr = ]
LA795035 Title register-339 bburn road.pdf -> %UserDesktop%\LA795035 Title register-339 bburn road.pdf -> [Ver = | Size = 5057 bytes | Created Date = 21/01/2008 09:06:24 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\LA795035 Title register-339 bburn road.pdf:Zone.Identifier
Ni Nachele Mix.wav -> %UserDesktop%\Ni Nachele Mix.wav -> [Ver = | Size = 10099874 bytes | Created Date = 20/01/2008 21:13:07 | Attr = ]
O2 Broadband Assistant.lnk -> %UserDesktop%\O2 Broadband Assistant.lnk -> [Ver = | Size = 1939 bytes | Created Date = 20/01/2008 23:46:21 | Attr = ]
Prison[1].Break.S03E10.720p.HDTV.x264-CTU.torrent -> %UserDesktop%\Prison[1].Break.S03E10.720p.HDTV.x264-CTU.torrent -> [Ver = | Size = 46049 bytes | Created Date = 22/01/2008 17:11:45 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Prison[1].Break.S03E10.720p.HDTV.x264-CTU.torrent:Zone.Identifier
Prison[1].Break.S03E10.HDTV.XviD-XORby-abdtouab-saida [myBittorrent.com].torrent -> %UserDesktop%\Prison[1].Break.S03E10.HDTV.XviD-XORby-abdtouab-saida [myBittorrent.com].torrent -> [Ver = | Size = 15512 bytes | Created Date = 22/01/2008 17:13:54 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Prison[1].Break.S03E10.HDTV.XviD-XORby-abdtouab-saida [myBittorrent.com].torrent:Zone.Identifier
SmitfraudFix -> %UserDesktop%\SmitfraudFix -> [Folder | Created Date = 14/01/2008 15:19:01 | Attr = ]
SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe -> [Ver = | Size = 1129580 bytes | Created Date = 14/01/2008 15:12:32 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SmitfraudFix.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 23/01/2008 23:17:04 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 478232 bytes | Created Date = 23/01/2008 23:16:33 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535678976 bytes | Modified Date = 23/01/2008 08:42:50 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 14/01/2008 15:41:58 | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 20/01/2008 23:46:33 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 23/01/2008 23:26:16 | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 4102 bytes | Modified Date = 14/01/2008 15:19:43 | Attr = ]
SYMEVENT.CAT -> %System32%\drivers\SYMEVENT.CAT -> [Ver = | Size = 10740 bytes | Modified Date = 14/01/2008 14:52:44 | Attr = ]
SYMEVENT.INF -> %System32%\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Modified Date = 14/01/2008 14:52:44 | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 14/01/2008 14:52:44 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 21/01/2008 22:49:09 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 10/01/2008 05:08:08 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 14/01/2008 14:52:39 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 161136 bytes | Modified Date = 06/01/2008 03:27:24 | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 05/01/2008 15:41:52 | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 4452 bytes | Modified Date = 23/01/2008 08:59:57 | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.2.2 | Size = 60800 bytes | Modified Date = 14/01/2008 14:52:44 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 23/01/2008 08:59:50 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 09/01/2008 05:32:35 | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 23/01/2008 08:42:56 | Attr = S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 3527 bytes | Modified Date = 15/01/2008 19:54:34 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 10/01/2008 09:39:39 | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 03/01/2008 11:08:17 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 10/01/2008 05:07:59 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 10/01/2008 05:08:10 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 20/01/2008 23:46:33 | Attr = HS]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 23/01/2008 23:17:06 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 23/01/2008 09:00:51 | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 06/01/2008 02:00:52 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 20/01/2008 21:07:36 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 14/01/2008 15:19:43 | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 23/01/2008 23:02:32 | Attr = ]
{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini -> %SystemRoot%\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini -> [Ver = | Size = 728 bytes | Modified Date = 20/01/2008 23:46:30 | Attr = ]
A72AC4B591CD7851.job -> %SystemRoot%\tasks\A72AC4B591CD7851.job -> [Ver = | Size = 286 bytes | Modified Date = 23/01/2008 23:00:00 | Attr = H ]
Norton Internet Security - Run Full System Scan - Nazam Hussain.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - Nazam Hussain.job -> [Ver = | Size = 638 bytes | Modified Date = 21/01/2008 21:07:55 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 23/01/2008 08:43:04 | Attr = H ]
{22BA5EBE-D659-45B7-9AB0-2356B7031272}_ANISHA_Nazam Hussain.job -> %SystemRoot%\tasks\{22BA5EBE-D659-45B7-9AB0-2356B7031272}_ANISHA_Nazam Hussain.job -> [Ver = | Size = 406 bytes | Modified Date = 18/01/2008 16:00:01 | Attr = H ]
{8E00338B-AB45-4467-AB49-425216E01E02}_ANISHA_Nazam Hussain.job -> %SystemRoot%\tasks\{8E00338B-AB45-4467-AB49-425216E01E02}_ANISHA_Nazam Hussain.job -> [Ver = | Size = 406 bytes | Modified Date = 23/01/2008 16:00:00 | Attr = H ]
{A2790A0C-2CC2-4208-A689-8D3FA45DFF79}_ANISHA_Nazam Hussain.job -> %SystemRoot%\tasks\{A2790A0C-2CC2-4208-A689-8D3FA45DFF79}_ANISHA_Nazam Hussain.job -> [Ver = | Size = 406 bytes | Modified Date = 23/01/2008 09:00:19 | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Driving Test Success -> %AllUsersAppData%\Driving Test Success -> [Folder | Modified Date = 09/01/2008 10:47:59 | Attr = ]
Google Updater -> %AllUsersAppData%\Google Updater -> [Folder | Modified Date = 23/01/2008 14:35:19 | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 14/01/2008 15:07:59 | Attr = ]
@Alternate Data Stream - 119 bytes -> %AllUsersAppData%\TEMP:18B7103A
GDIPFONTCACHEV1.DAT -> %UserAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 34576 bytes | Modified Date = 07/01/2008 19:24:40 | Attr = ]
NMM-MetaData.db -> %UserAppData%\NMM-MetaData.db -> [Ver = | Size = 856806 bytes | Modified Date = 21/01/2008 21:27:12 | Attr = ]
uTorrent -> %UserAppData%\uTorrent -> [Folder | Modified Date = 22/01/2008 23:01:17 | Attr = ]
Vso -> %UserAppData%\Vso -> [Folder | Modified Date = 06/01/2008 01:08:53 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 120832 bytes | Modified Date = 21/01/2008 21:43:19 | Attr = ]
My Music -> %UserDocuments%\My Music -> [Folder | Modified Date = 03/01/2008 11:12:05 | Attr = R ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 12/01/2008 15:45:26 | Attr = R ]
My PSP8 Files -> %UserDocuments%\My PSP8 Files -> [Folder | Modified Date = 12/01/2008 15:33:52 | Attr = ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 17/01/2008 14:24:16 | Attr = ]
01 - Jennifer Lopez - Love Dont Cost A Thing.mp3 -> %UserDesktop%\01 - Jennifer Lopez - Love Dont Cost A Thing.mp3 -> [Ver = | Size = 6224000 bytes | Modified Date = 21/01/2008 21:51:26 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\01 - Jennifer Lopez - Love Dont Cost A Thing.mp3:Zone.Identifier
Abel Theory Test.lnk -> %UserDesktop%\Abel Theory Test.lnk -> [Ver = | Size = 722 bytes | Modified Date = 19/01/2008 12:02:26 | Attr = ]
Coursework -> %UserDesktop%\Coursework -> [Folder | Modified Date = 23/01/2008 23:05:18 | Attr = R ]
fcuk.wps -> %UserDesktop%\fcuk.wps -> [Ver = | Size = 12800 bytes | Modified Date = 28/12/2007 15:38:34 | Attr = ]
LA795035 Title register-339 bburn road.pdf -> %UserDesktop%\LA795035 Title register-339 bburn road.pdf -> [Ver = | Size = 5057 bytes | Modified Date = 21/01/2008 09:06:27 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\LA795035 Title register-339 bburn road.pdf:Zone.Identifier
Microsoft Word.lnk -> %UserDesktop%\Microsoft Word.lnk -> [Ver = | Size = 2483 bytes | Modified Date = 22/01/2008 19:58:54 | Attr = ]
Ni Nachele Mix.wav -> %UserDesktop%\Ni Nachele Mix.wav -> [Ver = | Size = 10099874 bytes | Modified Date = 20/01/2008 21:13:08 | Attr = ]
O2 Broadband Assistant.lnk -> %UserDesktop%\O2 Broadband Assistant.lnk -> [Ver = | Size = 1939 bytes | Modified Date = 20/01/2008 23:46:21 | Attr = ]
Prison[1].Break.S03E10.720p.HDTV.x264-CTU.torrent -> %UserDesktop%\Prison[1].Break.S03E10.720p.HDTV.x264-CTU.torrent -> [Ver = | Size = 46049 bytes | Modified Date = 22/01/2008 17:11:46 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Prison[1].Break.S03E10.720p.HDTV.x264-CTU.torrent:Zone.Identifier
Prison[1].Break.S03E10.HDTV.XviD-XORby-abdtouab-saida [myBittorrent.com].torrent -> %UserDesktop%\Prison[1].Break.S03E10.HDTV.XviD-XORby-abdtouab-saida [myBittorrent.com].torrent -> [Ver = | Size = 15512 bytes | Modified Date = 22/01/2008 17:13:55 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Prison[1].Break.S03E10.HDTV.XviD-XORby-abdtouab-saida [myBittorrent.com].torrent:Zone.Identifier
SmitfraudFix -> %UserDesktop%\SmitfraudFix -> [Folder | Modified Date = 14/01/2008 15:27:30 | Attr = ]
SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe -> [Ver = | Size = 1129580 bytes | Modified Date = 14/01/2008 15:12:32 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SmitfraudFix.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 23/01/2008 23:17:04 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 478232 bytes | Modified Date = 23/01/2008 23:16:36 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 14/01/2008 15:08:31 | Attr = ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 1307 bytes | Modified Date = 06/08/2007 16:37:35 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4617 bytes | Modified Date = 09/01/2008 05:32:40 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 09/01/2008 05:32:40 | Attr = ]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 1372 bytes | Modified Date = 04/11/2007 17:42:22 | Attr = ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 31/07/2005 17:36:11 | Attr = ]
wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat -> [Ver = | Size = 858636 bytes | Modified Date = 10/01/2008 21:10:49 | Attr = ]
wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat -> [Ver = | Size = 858636 bytes | Modified Date = 10/01/2008 21:10:49 | Attr = ]
Perflib_Perfdata_ccc.dat -> C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\Perflib_Perfdata_ccc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 23/01/2008 23:15:09 | Attr = ]

[Manual Scans]
< C:\Documents and Settings\All Users\Application Data\title tool face bin\*.* /s >
C:\Documents and Settings\All Users\Application Data\title tool face bin\ -> C:\Documents and Settings\All Users\Application Data\title tool face bin -> [Folder | Modified Date = 25/08/2007 22:29:09 | Attr = ]
MAPI RDR.exe -> C:\Documents and Settings\All Users\Application Data\title tool face bin\MAPI RDR.exe -> [Ver = | Size = 511488 bytes | Modified Date = 23/01/2008 09:00:28 | Attr = ]
< End of report >
OldTimer
post Jan 23 2008, 07:30 PM
Post #4


Malware Expert
******

Group: HJT Team
Posts: 10,983
Joined: 28-January 05
From: Holland Michigan USA
Member No.: 10,782



Hi saika21. I need to ask about a folder.

Is this a folder you created: C:\Documents and Settings\All Users\Application Data\title tool face bin ? I was just going to delete it because it has a strange name that is similar to what some infections use. But I thought I should ask first in case it is known to be good to you.

Let me know.

Cheers.

OT


--------------------
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
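
The check discussed in the post above can be run over the file lines of a scan log in the format shown in this thread. This is an added example, not part of the original posts and not WinPFind35U's own logic: it lists executables under an Application Data location that carry no vendor or version string, so their folders can be reviewed by hand before anything is deleted. The flagging rule, the function names and the last sample line are assumptions of this example.

```python
import ntpath
import re
from dataclasses import dataclass

# File lines in the scan log have the shape:
#   name -> path -> vendor [Ver = v | Size = n bytes | Created|Modified Date = d | Attr = a]
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) ->\s*(?P<vendor>[^\[]*?)\s*"
    r"\[Ver =\s*(?P<ver>[^|]*?)\s*\|\s*Size = (?P<size>\d+) bytes\s*\|\s*"
    r"(?:Created|Modified) Date = (?P<date>[^|]+?)\s*\|\s*Attr =\s*(?P<attr>[^\]]*?)\s*\]$"
)

# Assumption of this example: which extensions count as executable and
# which path fragments count as an Application Data location.
EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd"}
APPDATA_MARKERS = (
    "%allusersappdata%",
    "%userappdata%",
    "%localappdata%",
    "\\application data\\",
)

# Sample input. All lines but the last are copied from the log in this
# thread; the last line is constructed to exercise the %UserAppData% form.
SAMPLE_LOG = r"""
HijackThis.exe -> %UserDesktop%\HijackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 14/01/2008 16:16:33 | Attr = ]
SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe -> [Ver = | Size = 1129580 bytes | Created Date = 14/01/2008 15:12:32 | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 14/01/2008 14:52:44 | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Created Date = 14/01/2008 14:35:51 | Attr = ]
@Alternate Data Stream - 119 bytes -> %AllUsersAppData%\TEMP:18B7103A
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 120832 bytes | Modified Date = 21/01/2008 21:43:19 | Attr = ]
MAPI RDR.exe -> C:\Documents and Settings\All Users\Application Data\title tool face bin\MAPI RDR.exe -> [Ver = | Size = 511488 bytes | Modified Date = 23/01/2008 09:00:28 | Attr = ]
example.exe -> %UserAppData%\Example Folder\example.exe -> [Ver = | Size = 1000 bytes | Modified Date = 01/01/2008 00:00:00 | Attr = ]
"""


@dataclass
class Finding:
    name: str
    path: str
    folder: str  # parent folder to ask the machine's owner about
    size: int
    date: str


def parse_entries(log_text):
    """Yield one dict per file line; folder, stream and header lines are skipped."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.groupdict()


def triage(log_text):
    """Return executables under Application Data with no vendor and no version."""
    findings = []
    for entry in parse_entries(log_text):
        path = entry["path"]
        ext = ntpath.splitext(path)[1].lower()
        in_appdata = any(marker in path.lower() for marker in APPDATA_MARKERS)
        unattributed = not entry["vendor"] and not entry["ver"]
        if ext in EXEC_EXTS and in_appdata and unattributed:
            findings.append(
                Finding(
                    name=entry["name"],
                    path=path,
                    folder=ntpath.dirname(path),
                    size=int(entry["size"]),
                    date=entry["date"],
                )
            )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"review: {finding.folder}  ({finding.name}, {finding.size} bytes)")
```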

saika21
post Jan 24 2008, 08:20 AM
Post #5


Member
**

Group: Members
Posts: 16
Joined: 14-January 08
Member No.: 183,400



Hi, thanks again for replying back. I don't remember creating that file. I have a lot of hidden files on drive C which I cannot access, which I was trying to do before I got the VirusProtect onto my computer. How do I go about deleting the C:\Documents and Settings\All Users\Application Data\title tool face bin off the computer? Or is it required?
OldTimer
post Jan 24 2008, 12:05 PM
Post #6


Malware Expert
******

Group: HJT Team
Posts: 10,983
Joined: 28-January 05
From: Holland Michigan USA
Member No.: 10,782



Hi saika21. Ok, let's get started. Please follow the steps below in order:

Step #1

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Minimize SUPERAntiSpyware; we will come back to it later on.

Step #2

Now start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

CODE
[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Bron-Spizaetus ->
YY -> face bin load show -> %AllUsersAppData%\title tool face bin\MAPI RDR.exe
YY -> Samsung Common SM -> %SystemRoot%\Samsung\ComSMMgr\ssmmgr.exe
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Meal Media -> %UserAppData%\STYLE SAVE\rdr view meta.exe
YN -> Sonic RecordNow! ->
YY -> Tok-Cirrhatus ->
YY -> updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
YY -> %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YY -> {BA0BACB5-FC95-451E-94D2-4959AB0949D2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Video Add-on\isfmdl.dll [Reg Error: Value does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {53E0B6E8-A51D-448B-B692-40B67B285543} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{9034A523-D068-4BE8-A284-9DF278BE776E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > ->
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\LEXPPS.EXE -> C:\WINDOWS\system32\LEXPPS.EXE [C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Nazam Hussain\Desktop\Wajid\utorrent.exe -> C:\Documents and Settings\Nazam Hussain\Desktop\Wajid\utorrent.exe [C:\Documents and Settings\Nazam Hussain\Desktop\Wajid\utorrent.exe:*:Enabled:µTorrent]
[Files/Folders - Created Within 30 days]
NY -> WS2Fix.exe -> %System32%\WS2Fix.exe
NY -> {4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini -> %SystemRoot%\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[Files/Folders - Modified Within 30 days]
NY -> {22BA5EBE-D659-45B7-9AB0-2356B7031272}_ANISHA_Nazam Hussain.job -> %SystemRoot%\tasks\{22BA5EBE-D659-45B7-9AB0-2356B7031272}_ANISHA_Nazam Hussain.job
NY -> {8E00338B-AB45-4467-AB49-425216E01E02}_ANISHA_Nazam Hussain.job -> %SystemRoot%\tasks\{8E00338B-AB45-4467-AB49-425216E01E02}_ANISHA_Nazam Hussain.job
NY -> {A2790A0C-2CC2-4208-A689-8D3FA45DFF79}_ANISHA_Nazam Hussain.job -> %SystemRoot%\tasks\{A2790A0C-2CC2-4208-A689-8D3FA45DFF79}_ANISHA_Nazam Hussain.job
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Manual Scans]
NY -> C:\Documents and Settings\All Users\Application Data\title tool face bin\ -> C:\Documents and Settings\All Users\Application Data\title tool face bin
[Empty Temp Folders]
[Start Explorer]


The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete; this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot normally.

Step #3

Now bring up SUPERAntiSpyware again and run a scan by doing the following:
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Step #4

Post the following back here:
  • a new WinPFind35U report
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind3u/MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT


--------------------
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

saika21
post Jan 24 2008, 06:14 PM
Post #7


Member
**

Group: Members
Posts: 16
Joined: 14-January 08
Member No.: 183,400



Hi, I've just tried this. How long is the fixing in step 2 for? I tried it and the software stopped responding after a while. I had to take it off. What should I do?
OldTimer
post Jan 24 2008, 11:02 PM
Post #8


Malware Expert
******

Group: HJT Team
Posts: 10,983
Joined: 28-January 05
From: Holland Michigan USA
Member No.: 10,782



Hi saika21. That means the infection is still active. Go ahead and end WPF35 and go on to finish the rest of the steps.

Cheers.

OT


saika21
post Jan 27 2008, 11:50 AM
Post #9





Hi, sorry it took me so long to reply. Before I carry on with the other steps, I'm having some other problems on my computer. I'm somehow able to see the hidden files on my computer. I had a lot relating to album art. Also there are some in drive C that I can see. Did I do this myself? Also I'm having problems accessing stuff. I don't know how to describe this, but for example if I need to access the internet and I click on the icon it won't let me onto it straight away. I need to keep raising a couple of pages until the original page loads on. The other pages won't let me do anything so I need to cross them off.
OldTimer
post Jan 27 2008, 03:11 PM
Post #10





Hi saika21. WPF35 unhides the files to remove them. If it was terminated before it finished then that is why they are still visible. Don't worry, we'll take care of that at the end.

This particular infection is a DNS infector. It takes sites that you want to go to and redirects you to other sites so it could very well be that there are going to be problems getting to various sites. Just follow the steps and post the information back here.

Cheers.

OT


saika21
post Jan 28 2008, 04:47 PM
Post #11





Hi. The new WinPFind35U report is:

WinPFind35 logfile created on: 28/01/2008 21:39:38
WinPFind35U Version Beta34 Folder = C:\Documents and Settings\Nazam Hussain\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)

510.79 Mb Total Physical Memory | 107.36 Mb Available Physical Memory | 21.02% Memory free
1.22 Gb Paging File | 0.80 Gb Available in Paging File | 65.37% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 12.91 Gb Free Space | 46.19% Space Free | Partition Type: NTFS
Drive D: | 197.95 Gb Total Space | 139.79 Gb Free Space | 70.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: ANISHA
Current User Name: Nazam Hussain
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr = ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 05/01/2007 08:19:28 | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.53 | Size = 554616 bytes | Modified Date = 11/05/2007 16:03:52 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 12:31:10 | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr = ]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 15/04/2007 19:38:43 | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.6210 | Size = 114754 bytes | Modified Date = 07/07/2004 22:02:00 | Attr = ]
sprtsvc.exe -> %ProgramFiles%\O2\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 6.9.2224.0 | Size = 202280 bytes | Modified Date = 05/06/2007 08:25:50 | Attr = R ]
vzfw.exe -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 118877 bytes | Modified Date = 09/07/2004 04:26:54 | Attr = ]
vztaskscheduler.exe -> %ProgramFiles%\Sony\vaio entertainment\VzTaskScheduler.exe -> Sony Corporation [Ver = 1.1.00.07280 | Size = 401408 bytes | Modified Date = 28/07/2004 16:51:08 | Attr = ]
hkserv.exe -> %ProgramFiles%\Sony\HotKey Utility\HKServ.exe -> Sony Corporation [Ver = 4, 1, 1, 6290 | Size = 122880 bytes | Modified Date = 29/06/2004 21:49:34 | Attr = ]
vaioupdt.exe -> %ProgramFiles%\Sony\vaio update 2\VAIOUpdt.exe -> Sony Corporation [Ver = 2, 1, 2, 1140 | Size = 151552 bytes | Modified Date = 14/01/2005 12:43:28 | Attr = ]
avrmtctr.exe -> %ProgramFiles%\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe -> [Ver = 1.1.01.08050 | Size = 184320 bytes | Modified Date = 05/08/2004 15:23:34 | Attr = ]
pdservice.exe -> %ProgramFiles%\Utimaco\SafeGuard PrivateDisk\pdservice.exe -> Utimaco Safeware AG [Ver = 1.00.6.7 | Size = 40960 bytes | Modified Date = 06/07/2004 13:15:38 | Attr = R ]
vzhardwareresourcemanager.exe -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 69632 bytes | Modified Date = 09/07/2004 04:19:04 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 03:00:36 | Attr = ]
hkwnd.exe -> %ProgramFiles%\Sony\HotKey Utility\HKWnd.exe -> Sony Corporation [Ver = 4, 1, 1, 6260 | Size = 389120 bytes | Modified Date = 26/06/2004 21:48:42 | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 10/01/2007 05:59:52 | Attr = ]
vzrs.exe -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 118784 bytes | Modified Date = 09/07/2004 04:27:20 | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 13/09/2007 11:34:21 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 26/09/2007 13:42:04 | Attr = ]
sprtcmd.exe -> %ProgramFiles%\O2\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 6,9,2018,0 | Size = 198184 bytes | Modified Date = 08/03/2007 19:21:38 | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 21/06/2007 14:06:28 | Attr = ]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 6.0.0.2003073000 | Size = 217195 bytes | Modified Date = 30/07/2003 01:52:00 | Attr = ]
servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 06/11/2006 13:21:10 | Attr = ]
vztrayicon.exe -> %ProgramFiles%\Sony\vaio entertainment\VzTrayIcon.exe -> Sony Corporation [Ver = 1.1.00.07280 | Size = 208896 bytes | Modified Date = 28/07/2004 16:54:22 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 26/09/2007 13:41:56 | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1252232 bytes | Modified Date = 01/11/2007 23:48:46 | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 15/04/2007 19:38:47 | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307200 bytes | Modified Date = 23/01/2008 12:59:16 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.53 | Size = 554616 bytes | Modified Date = 11/05/2007 16:03:52 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 12:31:10 | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.2.0.28 | Size = 49248 bytes | Modified Date = 13/01/2007 03:40:58 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 15/04/2007 19:38:43 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 03/04/2005 23:41:10 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 26/09/2007 13:41:56 | Attr = ]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\isPwdSvc.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 80504 bytes | Modified Date = 14/01/2007 07:11:06 | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.53 | Size = 2983544 bytes | Modified Date = 11/05/2007 16:03:52 | Attr = ]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr = ]
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 12/03/2007 17:30:14 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.6210 | Size = 114754 bytes | Modified Date = 07/07/2004 22:02:00 | Attr = ]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 06/11/2006 13:21:10 | Attr = ]
(sprtsvc_O2) SupportSoft Sprocket Service (O2) [Win32_Own | Auto | Running] -> %ProgramFiles%\O2\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 6.9.2224.0 | Size = 202280 bytes | Modified Date = 05/06/2007 08:25:50 | Attr = R ]
(SupportSoft RemoteAssist) SupportSoft RemoteAssist [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SupportSoft\bin\ssrc.exe -> SupportSoft, Inc. [Ver = 6.9.2555.0 | Size = 382320 bytes | Modified Date = 27/07/2007 06:39:32 | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1252232 bytes | Modified Date = 01/11/2007 23:48:46 | Attr = ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 05/01/2007 08:19:28 | Attr = ]
(VAIO Entertainment Aggregation and Control Service) VAIO Entertainment Aggregation and Control Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 118784 bytes | Modified Date = 09/07/2004 04:27:20 | Attr = ]
(VAIO Entertainment File Import Service) VAIO Entertainment File Import Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 118877 bytes | Modified Date = 09/07/2004 04:26:54 | Attr = ]
(VAIO Entertainment Task Scheduler) VAIO Entertainment Task Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Sony\vaio entertainment\VzTaskScheduler.exe -> Sony Corporation [Ver = 1.1.00.07280 | Size = 401408 bytes | Modified Date = 28/07/2004 16:51:08 | Attr = ]
(VAIO Entertainment TV Device Arbitration Service) VAIO Entertainment TV Device Arbitration Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 69632 bytes | Modified Date = 09/07/2004 04:19:04 | Attr = ]
(VAIO Entertainment UPnP Client Adapter) VAIO Entertainment UPnP Client Adapter [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 278528 bytes | Modified Date = 09/07/2004 04:17:54 | Attr = ]
(VAIOMediaPlatform-IntegratedServer-AppServer) VAIO Media Integrated Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\VMISrv.exe -> Sony Corporation [Ver = 3.1.00.07090 | Size = 1826816 bytes | Modified Date = 09/07/2004 16:28:14 | Attr = ]
(VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -> Sony Corporation [Ver = 3.0.00.06160 | Size = 57344 bytes | Modified Date = 16/06/2004 02:42:34 | Attr = ]
(VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -> Sony Corporation [Ver = 6.0.00.06220 | Size = 733184 bytes | Modified Date = 22/06/2004 10:58:14 | Attr = ]
(VAIOMediaPlatform-Mobile-Gateway) VAIO Media Gateway Server [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -> Sony Corporation [Ver = 3.1.00.06160 | Size = 188416 bytes | Modified Date = 16/06/2004 02:41:06 | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 01/04/2002 14:15:00 | Attr = ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %System32%\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0002) built by: WinDDK | Size = 16512 bytes | Modified Date = 17/07/2002 01:05:10 | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 11000 bytes | Modified Date = 30/05/2007 12:10:42 | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 30/05/2007 12:10:42 | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(DgiVecp) Team MFP Comm Driver [Kernel | Auto | Stopped] -> %System32%\drivers\DGIVECP.SYS -> Samsung Electronics Co., Ltd. [Ver = 1.1.2.40 | Size = 41984 bytes | Modified Date = 11/08/2004 06:39:38 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
(DMICall) Sony DMI Call service [Kernel | System | Running] -> %System32%\drivers\DMICall.sys -> Sony Corporation [Ver = 1.0.01.12050 | Size = 3952 bytes | Modified Date = 05/12/2000 16:18:02 | Attr = R ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.2.0.100 | Size = 389432 bytes | Modified Date = 10/04/2007 08:00:00 | Attr = ]
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.2.0.100 | Size = 106808 bytes | Modified Date = 10/04/2007 08:00:00 | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 19/09/2006 13:44:04 | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.04.01 | Size = 197120 bytes | Modified Date = 14/10/2003 16:08:00 | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.04.01 | Size = 1043072 bytes | Modified Date = 14/10/2003 16:04:00 | Attr = ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(LEX_AS_NIC_SERVICE_YNOS) LAN-Express AS IEEE 802.11g Wireless Network Adapter Service [Kernel | On_Demand | Running] -> %System32%\drivers\ExpasAG.sys -> Atheros Communications, Inc. [Ver = 3.1.2.24 | Size = 392544 bytes | Modified Date = 05/08/2004 08:27:02 | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 09/04/2003 13:48:00 | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070526.023\NAVENG.SYS -> Symantec Corporation [Ver = 20071.2.0.18 | Size = 77688 bytes | Modified Date = 10/04/2007 08:00:00 | Attr = ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070526.023\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.2.0.18 | Size = 852824 bytes | Modified Date = 10/04/2007 08:00:00 | Attr = ]
(Nokia USB Generic) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdc.sys -> Nokia [Ver = 6.82.3.0 | Size = 9216 bytes | Modified Date = 10/10/2006 07:54:32 | Attr = ]
(Nokia USB Modem) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdcm.sys -> Nokia [Ver = 6.82.3.0 | Size = 12800 bytes | Modified Date = 10/10/2006 07:54:32 | Attr = ]
(Nokia USB Phone Parent) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcd.sys -> Nokia [Ver = 6.82.3.0 | Size = 138240 bytes | Modified Date = 10/10/2006 07:54:34 | Attr = ]
(Nokia USB Port) Nokia USB Port [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdcj.sys -> Nokia [Ver = 6.82.3.0 | Size = 12800 bytes | Modified Date = 10/10/2006 07:54:32 | Attr = ]
(nv) nv [Kernel | On_Demand | Running] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.6210 | Size = 2484352 bytes | Modified Date = 07/07/2004 22:02:00 | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(Pcouffin) Low level access layer for CD devices [Kernel | On_Demand | Running] -> %System32%\drivers\Pcouffin.sys -> VSO Software [Ver = 1.35 | Size = 47360 bytes | Modified Date = 07/01/2007 20:29:36 | Attr = ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(PrivateDisk) PrivateDisk [Kernel | System | Running] -> %System32%\drivers\privatediskm.sys -> Utimaco Safeware AG [Ver = 1.00.6.7 | Size = 45627 bytes | Modified Date = 06/07/2004 13:07:06 | Attr = R ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 18/04/2006 22:34:55 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(rtl8139) Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver [Kernel | On_Demand | Running] -> %System32%\drivers\R8139n51.sys -> Realtek Semiconductor Corporation [Ver = 5.504.613.2002 built by: WinDDK | Size = 45568 bytes | Modified Date = 13/06/2002 11:37:16 | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 13:53:48 | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 16/02/2006 17:51:08 | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 27/02/2007 12:39:26 | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 10:25:53 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(smrt) Sony MPEG RealTime encoder board [Kernel | On_Demand | Running] -> %System32%\drivers\smrt.sys -> Sony Corporation [Ver = 1.2.04.07070 | Size = 774784 bytes | Modified Date = 07/07/2004 16:53:38 | Attr = ]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3860 | Size = 594048 bytes | Modified Date = 01/10/2003 14:48:24 | Attr = ]
(SNC) Sony Notebook Control Device [Kernel | On_Demand | Running] -> %System32%\drivers\SonyNC.sys -> Sony Corporation [Ver = 6.0.1.08290 | Size = 48896 bytes | Modified Date = 09/11/2000 19:15:08 | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 3.2.1.3 | Size = 417592 bytes | Modified Date = 01/02/2007 02:21:02 | Attr = ]
(SRTSP) SRTSP [File_System | On_Demand | Running] -> %System32%\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 279088 bytes | Modified Date = 30/11/2007 23:57:12 | Attr = ]
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> %System32%\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 317616 bytes | Modified Date = 30/11/2007 23:57:12 | Attr = ]
(SRTSPX) SRTSPX [Kernel | System | Running] -> %System32%\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 43696 bytes | Modified Date = 30/11/2007 23:57:12 | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %System32%\drivers\symdns.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 12848 bytes | Modified Date = 30/10/2007 19:55:14 | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 14/01/2008 14:52:44 | Attr = ]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %System32%\drivers\symfw.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 145968 bytes | Modified Date = 30/10/2007 19:55:20 | Attr = ]
(SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %System32%\drivers\symids.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 39856 bytes | Modified Date = 30/10/2007 19:55:28 | Attr = ]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070525.001\SymIDSCo.sys -> Symantec Corporation [Ver = 7.2.1.1 | Size = 185976 bytes | Modified Date = 14/02/2007 15:51:40 | Attr = ]
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %System32%\drivers\symndis.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 35120 bytes | Modified Date = 30/10/2007 19:55:24 | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %System32%\drivers\symredrv.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 27696 bytes | Modified Date = 30/10/2007 19:55:34 | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %System32%\drivers\symtdi.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 191536 bytes | Modified Date = 30/10/2007 19:55:38 | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(tifmsony) tifmsony [Kernel | On_Demand | Running] -> %System32%\drivers\tifmsony.sys -> Texas Instruments [Ver = 1.0.2.0 | Size = 65024 bytes | Modified Date = 21/05/2004 13:46:50 | Attr = ]
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.04.01 built by: WinDDK | Size = 679808 bytes | Modified Date = 14/10/2003 16:05:00 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 11/05/2007 02:06:32 | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 10/01/2007 05:59:52 | Attr = ]
HKSERV.EXE -> %ProgramFiles%\Sony\HotKey Utility\HKServ.exe -> Sony Corporation [Ver = 4, 1, 1, 6290 | Size = 122880 bytes | Modified Date = 29/06/2004 21:49:34 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 26/09/2007 13:42:04 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.6210 | Size = 4136960 bytes | Modified Date = 07/07/2004 22:02:00 | Attr = ]
O2 -> %ProgramFiles%\O2\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 6,9,2018,0 | Size = 198184 bytes | Modified Date = 08/03/2007 19:21:38 | Attr = ]
osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 771704 bytes | Modified Date = 14/01/2007 07:11:10 | Attr = ]
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 82, 70, 2 | Size = 222720 bytes | Modified Date = 28/11/2006 13:12:12 | Attr = ]
PDService.exe -> %ProgramFiles%\Utimaco\SafeGuard PrivateDisk\pdservice.exe -> Utimaco Safeware AG [Ver = 1.00.6.7 | Size = 40960 bytes | Modified Date = 06/07/2004 13:15:38 | Attr = R ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 29/06/2007 05:24:52 | Attr = ]
Samsung PanelMgr -> %SystemRoot%\Samsung\PanelMgr\SSMMgr.exe -> [Ver = 2, 5, 7, 0 | Size = 507904 bytes | Modified Date = 07/06/2006 11:25:14 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 03:00:36 | Attr = ]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 12/03/2007 17:30:14 | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 13/09/2007 11:34:21 | Attr = ]
VAIO Update 2 -> %ProgramFiles%\Sony\vaio update 2\VAIOUpdt.exe -> Sony Corporation [Ver = 2, 1, 2, 1140 | Size = 151552 bytes | Modified Date = 14/01/2005 12:43:28 | Attr = ]
VZRemoteCommander -> %ProgramFiles%\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe -> [Ver = 1.1.01.08050 | Size = 184320 bytes | Modified Date = 05/08/2004 15:23:34 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
AdobeUpdater -> %CommonProgramFiles%\Adobe\Updater5\AdobeUpdater.exe -> Adobe Systems Incorporated [Ver = 5, 1, 0, 1082 | Size = 2321600 bytes | Modified Date = 01/03/2007 09:37:52 | Attr = R ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 21/06/2007 14:06:28 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 15/04/2007 19:38:47 | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Acrobat Assistant.lnk -> %ProgramFiles%\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 6.0.0.2003073000 | Size = 217195 bytes | Modified Date = 30/07/2003 01:52:00 | Attr = ]
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 06/08/2002 13:37:50 | Attr = ]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> File not found
%AllUsersStartup%\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.940.34809.beta | Size = 124912 bytes | Modified Date = 08/08/2007 16:14:52 | Attr = ]
%AllUsersStartup%\Recording Status.lnk -> %ProgramFiles%\Sony\vaio entertainment\VzTrayIcon.exe -> Sony Corporation [Ver = 1.1.00.07280 | Size = 208896 bytes | Modified Date = 28/07/2004 16:54:22 | Attr = ]
< Nazam Hussain Startup Folder > -> C:\Documents and Settings\Nazam Hussain\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 30/05/2007 12:29:58 | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 13:55:48 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19/04/2007 13:41:36 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCMD -> 0 ->
< HOSTS File > (4102 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 83 domain(s) found. ->
sony-europe.com .[*] -> Trusted sites ->
sonystyle-europe.com .[*] -> Trusted sites ->
vaio-link.com .[*] -> Trusted sites ->
4 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 19 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 05/01/2006 12:30:40 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\NppBHO.dll [Reg Error: Value does not exist or could not be read.] -> Symantec Corporation [Ver = 2007.1.5.29 | Size = 96936 bytes | Modified Date = 12/01/2007 07:04:50 | Attr = R ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 03:00:35 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 615, 5858 | Size = 654832 bytes | Modified Date = 08/08/2007 16:14:56 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R ]
{90222687-F593-4738-B738-FBEE9C7B26DF} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2007.1.5.29 | Size = 607888 bytes | Modified Date = 12/01/2007 07:05:00 | Attr = R ]
{D0943516-5076-4020-A3B5-AEFAF26AB263} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [Veoh Browser Plug-in] -> Veoh Networks Inc [Ver = 1.0.1.6 | Size = 352256 bytes | Modified Date = 03/10/2007 16:21:58 | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 05/01/2006 12:30:40 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R ]
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 05/01/2006 12:30:40 | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 03:00:35 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 03:00:35 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 03:00:35 | Attr = ]
CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73C00} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73F01} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{300DB664-75B5-47c0-8B45-A44ACCF73C00} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{9034A523-D068-4BE8-A284-9DF278BE776E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0AD556B7-CE2B-426E-A401-F5D456FD8276} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{1335DBA4-071C-426E-9B58-955733A6F006} -> (Windows Mobile-based Device) ->
{2647C2CD-5992-467D-BFDC-838210AA5A62} -> (LAN-Express AS IEEE 802.11g miniPCI Adapter) ->
{55186764-8139-4AE9-9EE6-9C1B67CB2939} -> (1394 Net Adapter) ->
{67C386F0-A76E-4280-BCC6-20BEE05B999F} -> () ->
{BC963A18-731B-458B-B7A7-DC142A0D2D47} -> (1394 Net Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
mctp:{d7b95390-b1c5-11d0-b111-0080c712fe82} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft ActiveSync\aatp.dll[mctp: Asynchronous Pluggable Protocol Handler] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{193C772A-87BE-4B19-A7BB-445B226FE9A1}[HKEY_LOCAL_MACHINE] -> http://downloads.ewido.net/ewidoOnlineScan.cab[ewidoOnlineScan Control] ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab[Symantec AntiVirus scanner] ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab[Symantec RuFSI Utility Class] ->
{7B297BFD-85E4-4092-B2AF-16A91B2EA103}[HKEY_LOCAL_MACHINE] -> http://www3.ca.com/securityadvisor/virusinfo/webscan.cab[WScanCtl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl...indows-i586.cab[Java Plug-in 1.4.2_05] ->
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_07] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwa...ash/swflash.cab[Shockwave Flash Object] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 17:49:30 | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 14:21:15 | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 632 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http:\www.passport.com [http://www.passport.com] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 240256 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0\255.255 [26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\LEXPPS.EXE -> C:\WINDOWS\system32\LEXPPS.EXE [C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Nazam Hussain\Desktop\Wajid\utorrent.exe -> C:\Documents and Settings\Nazam Hussain\Desktop\Wajid\utorrent.exe [C:\Documents and Settings\Nazam Hussain\Desktop\Wajid\utorrent.exe:*:Enabled:µTorrent] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Wajid\Wajid1\utorrent.exe -> D:\Wajid\Wajid1\utorrent.exe [D:\Wajid\Wajid1\utorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 174163 bytes | Modified Date = 11/11/2006 14:54:10 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Wajid\utorrent.exe -> D:\Wajid\utorrent.exe [D:\Wajid\utorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 177152 bytes | Modified Date = 17/02/2007 14:44:21 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 13/10/2004 16:24:37 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Veoh Networks\Veoh\VeohClient.exe -> C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client] -> Veoh Networks [Ver = 3.5.1.1036 | Size = 3313664 bytes | Modified Date = 17/10/2007 00:29:50 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.4.3.1 | Size = 15997240 bytes | Modified Date = 26/09/2007 13:41:58 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\O2\bin\wificfg.exe -> C:\Program Files\O2\bin\wificfg.exe [C:\Program Files\O2\bin\wificfg.exe:*:Enabled:sprtcmd.exe] -> SupportSoft, Inc. [Ver = 6.9.2224.0 | Size = 136744 bytes | Modified Date = 20/06/2007 08:36:22 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\O2\agent\bin\bcont.exe -> C:\Program Files\O2\agent\bin\bcont.exe [C:\Program Files\O2\agent\bin\bcont.exe:*:Enabled:bcont.exe] -> SupportSoft, Inc. [Ver = 6.9.2258.0 | Size = 1000056 bytes | Modified Date = 06/08/2007 08:01:06 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -> C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe:*:Enabled:ssrc.exe] -> SupportSoft, Inc. [Ver = 6.9.2555.0 | Size = 382320 bytes | Modified Date = 27/07/2007 06:39:32 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\O2\agent\bin\bcont_nm.exe -> C:\Program Files\O2\agent\bin\bcont_nm.exe [C:\Program Files\O2\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe] -> SupportSoft, Inc. [Ver = 6.9.2258.0 | Size = 1278584 bytes | Modified Date = 20/07/2007 10:53:14 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0\255.255 [26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->
BootExecute -> autocheck autochk *; ->
ExcludeFromKnownDlls -> ->
*PendingFileRenameOperations* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\PendingFileRenameOperations ->
\??\C:\DOCUME~1\NAZAMH~1\LOCALS~1\Temp\symlcsv1.exe [\??\C:\DOCUME~1\NAZAMH~1\LOCALS~1\Temp\symlcsv1.exe] -> %LocalSettings%\Temp\symlcsv1.exe [%LocalSettings%\Temp\symlcsv1.exe] -> [Ver = | Size = 58760 bytes | Modified Date = 28/01/2008 21:33:07 | Attr = ]
*MultiFile Done* -> ->
< Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->
ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
TEMP -> %SystemRoot%\TEMP ->
TMP -> %SystemRoot%\TEMP ->
windir -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
C:\Program Files\PC Connectivity Solution\ -> %ProgramFiles%\PC Connectivity Solution -> [Folder | Modified Date = 23/06/2007 17:23:16 | Attr = ]
%SystemRoot%\system32 -> %System32% -> [Folder | Modified Date = 28/01/2008 18:12:30 | Attr = ]
%SystemRoot% -> %SystemRoot% -> [Folder | Modified Date = 20/01/2008 23:46:33 | Attr = ]
%SystemRoot%\System32\Wbem -> %System32%\wbem -> [Folder | Modified Date = 12/02/2007 19:09:07 | Attr = ]
C:\Program Files\Common Files\Teleca Shared -> -> File not found
C:\Program Files\QuickTime\QTSystem\ -> %ProgramFiles%\QuickTime\QTSystem -> [Folder | Modified Date = 08/10/2007 19:50:06 | Attr = ]
*MultiFile Done* -> ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM -> .COM -> File not found
.EXE -> .EXE -> File not found
.BAT -> .BAT -> File not found
.CMD -> .CMD -> File not found
.VBS -> .VBS -> File not found
.VBE -> .VBE -> File not found
.JS -> .JS -> File not found
.JSE -> .JSE -> File not found
.WSF -> .WSF -> File not found
.WSH -> .WSH -> File not found
*MultiFile Done* -> ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\\tWhiteList -> Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|F
itWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOu
t|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs
|FullScreen|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Che
ck Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideToolbarEd
iting|ShowHideToolbarCommenting|ShowHideToolbarEdit|ShowHideToolbarFile|ShowHide
ToolbarFind|ShowHideToolbarForms|ShowHideToolbarMeasuring|ShowHideToolbarData|Sh
owHideToolbarPageDisplay|ShowHideToolbarNavigation|ShowHideToolbarPrintProductio
n|ShowHideToolbarRedaction|ShowHideToolbarBasicTools|ShowHideToolbarTasks|ShowHi
deToolbarTypewriter|PropertyToolbar|ShowHideArticles|ShowHideFileAttachment|Show
HideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignat
ures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|Add
FileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForwardDoc|H
elpUserGuide|HelpReader ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\\tBuiltInPermList -> version:1|.ade [version:1|.ade:3|.adp:3|.app:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.chm:3|.class:
3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.exe:3|.fxp:3|.gz:3|.
hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:
3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.
mau:3|.mav:3|.maw:3|.mda:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst
:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.
scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:
3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.
zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\\tSchemePerms -> version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|m
ailto:2|file:1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\AllowLockdownMedia -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\AllowLockdownBrowse -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\\Enabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes ->
ADE -> -> File not found
ADP -> -> File not found
BAS -> -> File not found
BAT -> -> File not found
CHM -> -> File not found
CMD -> %System32%\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
COM -> -> File not found
CPL -> -> File not found
CRT -> -> File not found
EXE -> -> File not found
HLP -> -> File not found
HTA -> -> File not found
INF -> -> File not found
INS -> -> File not found
ISP -> -> File not found
LNK -> -> File not found
MDB -> -> File not found
MDE -> -> File not found
MSC -> -> File not found
MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 18/04/2007 16:12:23 | Attr = ]
MSP -> -> File not found
MST -> -> File not found
OCX -> -> File not found
PCD -> -> File not found
PIF -> -> File not found
REG -> %System32%\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
SCR -> -> File not found
SHS -> -> File not found
URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 37888 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
VB -> -> File not found
WSC -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize ->
̋ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize ->
ȅ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize ->
Ζ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize ->
å -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize ->
Ų -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Utimaco\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Utimaco\SafeGuard PrivateDisk\ -> ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->


[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535678976 bytes | Created Date = 14/01/2008 15:30:06 | Attr = HS]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 14/01/2008 15:19:03 | Attr = ]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 81920 bytes | Created Date = 14/01/2008 15:19:03 | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Created Date = 05/01/2008 15:36:36 | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 14/01/2008 15:19:03 | Attr = ]
VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 14/01/2008 15:19:03 | Attr = ]
WS2Fix.exe -> %System32%\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 14/01/2008 15:19:03 | Attr = ]
{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini -> %SystemRoot%\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini -> [Ver = | Size = 728 bytes | Created Date = 20/01/2008 23:46:06 | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 24/01/2008 22:29:56 | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Created Date = 14/01/2008 14:35:51 | Attr = ]
@Alternate Data Stream - 119 bytes -> %AllUsersAppData%\TEMP:18B7103A
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 24/01/2008 22:29:44 | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 784 bytes | Created Date = 24/01/2008 22:29:47 | Attr = ]
01 - Jennifer Lopez - Love Dont Cost A Thing.mp3 -> %UserDesktop%\01 - Jennifer Lopez - Love Dont Cost A Thing.mp3 -> [Ver = | Size = 6224000 bytes | Created Date = 21/01/2008 21:51:26 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\01 - Jennifer Lopez - Love Dont Cost A Thing.mp3:Zone.Identifier
HijackThis.exe -> %UserDesktop%\HijackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 14/01/2008 16:16:33 | Attr = ]
LA795035 Title register-339 bburn road.pdf -> %UserDesktop%\LA795035 Title register-339 bburn road.pdf -> [Ver = | Size = 5057 bytes | Created Date = 21/01/2008 09:06:24 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\LA795035 Title register-339 bburn road.pdf:Zone.Identifier
New Folder -> %UserDesktop%\New Folder -> [Folder | Created Date = 26/01/2008 12:44:00 | Attr = ]
Ni Nachele Mix.wav -> %UserDesktop%\Ni Nachele Mix.wav -> [Ver = | Size = 10099874 bytes | Created Date = 20/01/2008 21:13:07 | Attr = ]
O2 Broadband Assistant.lnk -> %UserDesktop%\O2 Broadband Assistant.lnk -> [Ver = | Size = 1939 bytes | Created Date = 20/01/2008 23:46:21 | Attr = ]
Pehla Pehla Pyar Remix.wav -> %UserDesktop%\Pehla Pehla Pyar Remix.wav -> [Ver = | Size = 7949804 bytes | Created Date = 26/01/2008 20:48:42 | Attr = ]
SmitfraudFix -> %UserDesktop%\SmitfraudFix -> [Folder | Created Date = 14/01/2008 15:19:01 | Attr = ]
SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe -> [Ver = | Size = 1129580 bytes | Created Date = 14/01/2008 15:12:32 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SmitfraudFix.exe:Zone.Identifier
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Created Date = 24/01/2008 22:26:08 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 23/01/2008 23:17:04 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 478232 bytes | Created Date = 23/01/2008 23:16:33 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 24/01/2008 22:28:20 | Attr = ]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535678976 bytes | Modified Date = 28/01/2008 21:31:16 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 28/01/2008 21:28:48 | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 20/01/2008 23:46:33 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 24/01/2008 23:00:45 | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 4102 bytes | Modified Date = 14/01/2008 15:19:43 | Attr = ]
SYMEVENT.CAT -> %System32%\drivers\SYMEVENT.CAT -> [Ver = | Size = 10740 bytes | Modified Date = 14/01/2008 14:52:44 | Attr = ]
SYMEVENT.INF -> %System32%\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Modified Date = 14/01/2008 14:52:44 | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 14/01/2008 14:52:44 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 28/01/2008 21:30:31 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 10/01/2008 05:08:08 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 14/01/2008 14:52:39 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 161136 bytes | Modified Date = 06/01/2008 03:27:24 | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 05/01/2008 15:41:52 | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 4452 bytes | Modified Date = 28/01/2008 21:32:05 | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.2.2 | Size = 60800 bytes | Modified Date = 14/01/2008 14:52:44 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 28/01/2008 21:32:34 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 09/01/2008 05:32:35 | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 28/01/2008 21:31:22 | Attr = S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 3527 bytes | Modified Date = 15/01/2008 19:54:34 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 10/01/2008 09:39:39 | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 03/01/2008 11:08:17 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 10/01/2008 05:07:59 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 27/01/2008 17:20:44 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 24/01/2008 22:29:51 | Attr = HS]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 28/01/2008 20:04:49 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 28/01/2008 21:32:37 | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 06/01/2008 02:00:52 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 28/01/2008 18:12:30 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 14/01/2008 15:19:43 | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 28/01/2008 21:37:05 | Attr = ]
{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini -> %SystemRoot%\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini -> [Ver = | Size = 728 bytes | Modified Date = 20/01/2008 23:46:30 | Attr = ]
A72AC4B591CD7851.job -> %SystemRoot%\tasks\A72AC4B591CD7851.job -> [Ver = | Size = 286 bytes | Modified Date = 28/01/2008 21:00:15 | Attr = H ]
Norton Internet Security - Run Full System Scan - Nazam Hussain.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - Nazam Hussain.job -> [Ver = | Size = 638 bytes | Modified Date = 28/01/2008 21:03:05 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 28/01/2008 21:31:30 | Attr = H ]
{22BA5EBE-D659-45B7-9AB0-2356B7031272}_ANISHA_Nazam Hussain.job -> %SystemRoot%\tasks\{22BA5EBE-D659-45B7-9AB0-2356B7031272}_ANISHA_Nazam Hussain.job -> [Ver = | Size = 406 bytes | Modified Date = 25/01/2008 16:00:00 | Attr = H ]
{8E00338B-AB45-4467-AB49-425216E01E02}_ANISHA_Nazam Hussain.job -> %SystemRoot%\tasks\{8E00338B-AB45-4467-AB49-425216E01E02}_ANISHA_Nazam Hussain.job -> [Ver = | Size = 406 bytes | Modified Date = 28/01/2008 16:00:00 | Attr = H ]
{A2790A0C-2CC2-4208-A689-8D3FA45DFF79}_ANISHA_Nazam Hussain.job -> %SystemRoot%\tasks\{A2790A0C-2CC2-4208-A689-8D3FA45DFF79}_ANISHA_Nazam Hussain.job -> [Ver = | Size = 406 bytes | Modified Date = 28/01/2008 09:00:01 | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Driving Test Success -> %AllUsersAppData%\Driving Test Success -> [Folder | Modified Date = 09/01/2008 10:47:59 | Attr = ]
Google Updater -> %AllUsersAppData%\Google Updater -> [Folder | Modified Date = 28/01/2008 19:35:39 | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 24/01/2008 22:29:56 | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 14/01/2008 15:07:59 | Attr = ]
@Alternate Data Stream - 119 bytes -> %AllUsersAppData%\TEMP:18B7103A
title tool face bin -> %AllUsersAppData%\title tool face bin -> [Folder | Modified Date = 24/01/2008 23:02:27 | Attr = ]
GDIPFONTCACHEV1.DAT -> %UserAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 34576 bytes | Modified Date = 07/01/2008 19:24:40 | Attr = ]
NMM-MetaData.db -> %UserAppData%\NMM-MetaData.db -> [Ver = | Size = 856806 bytes | Modified Date = 21/01/2008 21:27:12 | Attr = ]
Nokia Multimedia Player -> %UserAppData%\Nokia Multimedia Player -> [Folder | Modified Date = 26/01/2008 23:40:20 | Attr = ]
STYLE SAVE -> %UserAppData%\STYLE SAVE -> [Folder | Modified Date = 28/01/2008 21:28:49 | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 24/01/2008 22:29:44 | Attr = ]
uTorrent -> %UserAppData%\uTorrent -> [Folder | Modified Date = 22/01/2008 23:01:17 | Attr = ]
Vso -> %UserAppData%\Vso -> [Folder | Modified Date = 06/01/2008 01:08:53 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 123392 bytes | Modified Date = 27/01/2008 22:32:02 | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 34576 bytes | Modified Date = 27/01/2008 01:18:03 | Attr = ]
My Music -> %UserDocuments%\My Music -> [Folder | Modified Date = 03/01/2008 11:12:05 | Attr = R ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 27/01/2008 17:24:59 | Attr = R ]
My PSP8 Files -> %UserDocuments%\My PSP8 Files -> [Folder | Modified Date = 12/01/2008 15:33:52 | Attr = ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 28/01/2008 19:26:03 | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 784 bytes | Modified Date = 24/01/2008 22:29:47 | Attr = ]
01 - Jennifer Lopez - Love Dont Cost A Thing.mp3 -> %UserDesktop%\01 - Jennifer Lopez - Love Dont Cost A Thing.mp3 -> [Ver = | Size = 6224000 bytes | Modified Date = 27/01/2008 17:13:02 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\01 - Jennifer Lopez - Love Dont Cost A Thing.mp3:Zone.Identifier
Abel Theory Test.lnk -> %UserDesktop%\Abel Theory Test.lnk -> [Ver = | Size = 722 bytes | Modified Date = 19/01/2008 12:02:26 | Attr = ]
Coursework -> %UserDesktop%\Coursework -> [Folder | Modified Date = 26/01/2008 14:48:14 | Attr = R ]
LA795035 Title register-339 bburn road.pdf -> %UserDesktop%\LA795035 Title register-339 bburn road.pdf -> [Ver = | Size = 5057 bytes | Modified Date = 21/01/2008 09:06:27 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\LA795035 Title register-339 bburn road.pdf:Zone.Identifier
Microsoft Word.lnk -> %UserDesktop%\Microsoft Word.lnk -> [Ver = | Size = 2483 bytes | Modified Date = 28/01/2008 13:33:41 | Attr = ]
New Folder -> %UserDesktop%\New Folder -> [Folder | Modified Date = 26/01/2008 12:50:55 | Attr = ]
Ni Nachele Mix.wav -> %UserDesktop%\Ni Nachele Mix.wav -> [Ver = | Size = 10099874 bytes | Modified Date = 20/01/2008 21:13:08 | Attr = ]
O2 Broadband Assistant.lnk -> %UserDesktop%\O2 Broadband Assistant.lnk -> [Ver = | Size = 1939 bytes | Modified Date = 20/01/2008 23:46:21 | Attr = ]
Pehla Pehla Pyar Remix.wav -> %UserDesktop%\Pehla Pehla Pyar Remix.wav -> [Ver = | Size = 7949804 bytes | Modified Date = 26/01/2008 20:48:42 | Attr = ]
SmitfraudFix -> %UserDesktop%\SmitfraudFix -> [Folder | Modified Date = 14/01/2008 15:27:30 | Attr = ]
SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe -> [Ver = | Size = 1129580 bytes | Modified Date = 14/01/2008 15:12:32 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SmitfraudFix.exe:Zone.Identifier
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Modified Date = 24/01/2008 22:26:08 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 24/01/2008 22:39:42 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 478232 bytes | Modified Date = 23/01/2008 23:16:36 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 24/01/2008 22:30:22 | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 24/01/2008 22:28:20 | Attr = ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 1307 bytes | Modified Date = 06/08/2007 16:37:35 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4617 bytes | Modified Date = 09/01/2008 05:32:40 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 09/01/2008 05:32:40 | Attr = ]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 1372 bytes | Modified Date = 04/11/2007 17:42:22 | Attr = ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 31/07/2005 17:36:11 | Attr = ]
wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat -> [Ver = | Size = 863352 bytes | Modified Date = 27/01/2008 21:01:22 | Attr = ]
wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat -> [Ver = | Size = 863352 bytes | Modified Date = 27/01/2008 21:01:22 | Attr = ]

[Manual Scans]
< C:\Documents and Settings\All Users\Application Data\title tool face bin\*.* /s >
C:\Documents and Settings\All Users\Application Data\title tool face bin\ -> C:\Documents and Settings\All Users\Application Data\title tool face bin -> [Folder | Modified Date = 24/01/2008 23:02:27 | Attr = ]
< End of report >


The SUPERAntiSpyware report is:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/28/2008 at 09:11 PM

Application Version : 3.9.1008

Core Rules Database Version : 3387
Trace Rules Database Version: 1381

Scan type : Complete Scan
Total Scan Time : 02:42:20

Memory items scanned : 599
Memory threats detected : 0
Registry items scanned : 6526
Registry threats detected : 111
File items scanned : 102873
File threats detected : 180

Trojan.Media-Codec/V4
HKLM\Software\Classes\CLSID\{BA0BACB5-FC95-451E-94D2-4959AB0949D2}
HKCR\CLSID\{BA0BACB5-FC95-451E-94D2-4959AB0949D2}
HKCR\CLSID\{BA0BACB5-FC95-451E-94D2-4959AB0949D2}#xxx
HKCR\CLSID\{BA0BACB5-FC95-451E-94D2-4959AB0949D2}\InprocServer32
HKCR\CLSID\{BA0BACB5-FC95-451E-94D2-4959AB0949D2}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ADD-ON\ISFMDL.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0BACB5-FC95-451E-94D2-4959AB0949D2}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center#UninstallString
HKCR\multimediaControls.chl
HKCR\multimediaControls.chl\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#ProductionEnvironment
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayVersion

Adware.Tracking Cookie

Adware.HotBar/SpamBlockerUtility (Low Risk)
HKLM\Software\SpamBlockerUtility
HKLM\Software\SpamBlockerUtility\SpamBlockerUtility

Browser Hijacker.Favorites
C:\Documents and Settings\Nazam Hussain\Favorites\Pharmacy\New York Thyroid Center Radioactive Iodine.url
C:\Documents and Settings\Nazam Hussain\Favorites\Pharmacy\The fluid mosaic model of the structure of cell me...[Science. 1972] - PubMed Result.url
C:\Documents and Settings\Nazam Hussain\Favorites\Pharmacy\VSEPR Theory.url
C:\Documents and Settings\Nazam Hussain\Favorites\Pharmacy

Adware.180solutions/Seekmo
HKCR\SeekmoToolbar.SeekmoToolband.1
HKCR\SeekmoToolbar.SeekmoToolband.1\CLSID
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{53E0B6E8-A51D-448B-B692-40B67B285543} [ Seekmo Toolbar ]
C:\Program Files\Seekmo Programs\Seekmo Toolbar
C:\Program Files\Seekmo Programs

Trojan.DNSChanger-Codec
HKCR\CLSID\E404.e404mgr
HKCR\CLSID\E404.e404mgr#UserId

Malware.VirusProtect
HKCR\TypeLib\{CFAFA83C-855B-4E3D-92B9-A587995B675A}
HKCR\TypeLib\{CFAFA83C-855B-4E3D-92B9-A587995B675A}\1.0
HKCR\TypeLib\{CFAFA83C-855B-4E3D-92B9-A587995B675A}\1.0\0
HKCR\TypeLib\{CFAFA83C-855B-4E3D-92B9-A587995B675A}\1.0\0\win32
HKCR\TypeLib\{CFAFA83C-855B-4E3D-92B9-A587995B675A}\1.0\FLAGS
HKCR\TypeLib\{CFAFA83C-855B-4E3D-92B9-A587995B675A}\1.0\HELPDIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{562648CC-34F7-4C74-AC42-6FBFFB01D4D8}\RP693\A0746595.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{562648CC-34F7-4C74-AC42-6FBFFB01D4D8}\RP693\A0746596.EXE

Adware.Lop-Variant
C:\DOCUMENTS AND SETTINGS\NAZAM HUSSAIN\APPLICATION DATA\STYLE SAVE\ACID CAST ARMY.EXE
C:\DOCUMENTS AND SETTINGS\NAZAM HUSSAIN\APPLICATION DATA\STYLE SAVE\SQJFTPRK.EXE
C:\DOCUMENTS AND SETTINGS\NAZAM HUSSAIN\APPLICATION DATA\STYLE SAVE\WQMLTKAK.EXE
C:\DOCUMENTS AND SETTINGS\NAZAM HUSSAIN\DESKTOP\WINPFIND35U\MOVEDFILES\01242008_223942\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TITLE TOOL FACE BIN\MAPI RDR.EXE
C:\DOCUMENTS AND SETTINGS\NAZAM HUSSAIN\DESKTOP\WINPFIND35U\MOVEDFILES\01242008_223942\DOCUMENTS AND SETTINGS\NAZAM HUSSAIN\APPLICATION DATA\STYLE SAVE\RDR VIEW META.EXE

Rogue.VirusProtectPro-FakeAlert
C:\SYSTEM VOLUME INFORMATION\_RESTORE{562648CC-34F7-4C74-AC42-6FBFFB01D4D8}\RP693\A0746573.DLL

Adware.E404 Helper/Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{562648CC-34F7-4C74-AC42-6FBFFB01D4D8}\RP693\A0746579.DLL

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{562648CC-34F7-4C74-AC42-6FBFFB01D4D8}\RP693\A0746589.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{562648CC-34F7-4C74-AC42-6FBFFB01D4D8}\RP693\A0746590.ICO

Trace.Known Threat Sources
C:\Documents and Settings\Saika\Local Settings\Temporary Internet Files\Content.IE5\OB5R66Z9\of_solo_zango_728x90_03_anna[1].swf
C:\Documents and Settings\Saika\Local Settings\Temporary Internet Files\Content.IE5\8PYV8HUJ\banner_install[1].js
C:\Documents and Settings\Saika\Local Settings\Temporary Internet Files\Content.IE5\LD8YON5J\AR_BrtnySprs_728[1].gif
C:\Documents and Settings\Saika\Local Settings\Temporary Internet Files\Content.IE5\GLAR4PU3\underbar_left[1].png
C:\Documents and Settings\Saika\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\AK_zango_300x250_11[1].gif
C:\Documents and Settings\Saika\Local Settings\Temporary Internet Files\Content.IE5\C5EB0H2J\left_edge_on[1].gif
C:\Documents and Settings\Saika\Local Settings\Temporary Internet Files\Content.IE5\OB5R66Z9\both_off[1].gif
C:\Documents and Settings\Saika\Local Settings\Temporary Internet Files\Content.IE5\Z2D89333\BS_zango_300x250_11[1].gif
C:\Documents and Settings\Saika\Local Settings\Temporary Internet Files\Content.IE5\8PYV8HUJ\contentDisplay[1].js
C:\Documents and Settings\Saika\Local Settings\Temporary Internet Files\Content.IE5\8PYV8HUJ\underbar_right[1].png
C:\Documents and Settings\Saika\Local Settings\Temporary Internet Files\Content.IE5\GLAR4PU3\zango[1].js


I couldn't find the latest .log file from the WinPFind3u. I checked the moved file but I couldn't find it. Thanks for all the help.
OldTimer
post Jan 28 2008, 05:10 PM
Post #12


Malware Expert
******

Group: HJT Team
Posts: 10,983
Joined: 28-January 05
From: Holland Michigan USA
Member No.: 10,782



Hi saika21. It looks like SAS took care of most of the files and registry entries. Just a little bit of cleanup to do yet.

There is an update to WinPFind35 so please delete your current version and download the latest version before running the fix.

WinPFind35u Log -

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

CODE
[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
YN -> %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73C00} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73F01} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{300DB664-75B5-47c0-8B45-A44ACCF73C00} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{9034A523-D068-4BE8-A284-9DF278BE776E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > ->
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\LEXPPS.EXE -> C:\WINDOWS\system32\LEXPPS.EXE [C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Nazam Hussain\Desktop\Wajid\utorrent.exe -> C:\Documents and Settings\Nazam Hussain\Desktop\Wajid\utorrent.exe [C:\Documents and Settings\Nazam Hussain\Desktop\Wajid\utorrent.exe:*:Enabled:µTorrent]
[Manual Scans]
NY -> C:\Documents and Settings\All Users\Application Data\title tool face bin\ -> C:\Documents and Settings\All Users\Application Data\title tool face bin\


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind35u scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT


--------------------
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

saika21
post Jan 29 2008, 01:08 PM
Post #13


Member
**

Group: Members
Posts: 16
Joined: 14-January 08
Member No.: 183,400



Hi. The information on the notepad after the fix was:

[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\updateMgr deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk moved successfully.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73C00} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{200DB664-75B5-47c0-8B45-A44ACCF73C00}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73F01} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{200DB664-75B5-47c0-8B45-A44ACCF73F01}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{300DB664-75B5-47c0-8B45-A44ACCF73C00} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300DB664-75B5-47c0-8B45-A44ACCF73C00}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{9034A523-D068-4BE8-A284-9DF278BE776E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9034A523-D068-4BE8-A284-9DF278BE776E}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\LEXPPS.EXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Nazam Hussain\Desktop\Wajid\utorrent.exe deleted successfully.
[Manual Scans]
File/Folder \Documents and Settings\All Users\Application Data\title tool face bin folder moved successfully. not found.
< End of fix log >
WinPFind35U Version Beta40 fix logfile created on 01292008_175335


The scan report from WinPFind35:

CODE
WinPFind35 logfile created on: 29/01/2008 17:58:08
WinPFind35U Version Beta40     Folder = C:\Documents and Settings\Nazam Hussain\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)

510.79 Mb Total Physical Memory | 113.57 Mb Available Physical Memory | 22.23% Memory free
1.22 Gb Paging File | 0.66 Gb Available in Paging File | 53.79% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 13.20 Gb Free Space | 47.25% Space Free | Partition Type: NTFS
Drive D: | 197.95 Gb Total Space | 139.49 Gb Free Space | 70.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: ANISHA
Current User Name: Nazam Hussain
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr =    ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 05/01/2007 08:19:28 | Attr =    ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 | Attr =    ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.53 | Size = 554616 bytes | Modified Date = 11/05/2007 16:03:52 | Attr =    ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 12:31:10 | Attr =    ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr =    ]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 15/04/2007 19:38:43 | Attr =    ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.6210 | Size = 114754 bytes | Modified Date = 07/07/2004 22:02:00 | Attr =    ]
sprtsvc.exe -> %ProgramFiles%\O2\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 6.9.2224.0 | Size = 202280 bytes | Modified Date = 05/06/2007 08:25:50 | Attr = R  ]
vzfw.exe -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 118877 bytes | Modified Date = 09/07/2004 04:26:54 | Attr =    ]
vztaskscheduler.exe -> %ProgramFiles%\Sony\vaio entertainment\VzTaskScheduler.exe -> Sony Corporation [Ver = 1.1.00.07280 | Size = 401408 bytes | Modified Date = 28/07/2004 16:51:08 | Attr =    ]
vzhardwareresourcemanager.exe -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 69632 bytes | Modified Date = 09/07/2004 04:19:04 | Attr =    ]
vzrs.exe -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 118784 bytes | Modified Date = 09/07/2004 04:27:20 | Attr =    ]
hkserv.exe -> %ProgramFiles%\Sony\HotKey Utility\HKServ.exe -> Sony Corporation [Ver = 4, 1, 1, 6290 | Size = 122880 bytes | Modified Date = 29/06/2004 21:49:34 | Attr =    ]
vaioupdt.exe -> %ProgramFiles%\Sony\vaio update 2\VAIOUpdt.exe -> Sony Corporation [Ver = 2, 1, 2, 1140 | Size = 151552 bytes | Modified Date = 14/01/2005 12:43:28 | Attr =    ]
avrmtctr.exe -> %ProgramFiles%\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe ->  [Ver = 1.1.01.08050 | Size = 184320 bytes | Modified Date = 05/08/2004 15:23:34 | Attr =    ]
pdservice.exe -> %ProgramFiles%\Utimaco\SafeGuard PrivateDisk\pdservice.exe -> Utimaco Safeware AG [Ver = 1.00.6.7 | Size = 40960 bytes | Modified Date = 06/07/2004 13:15:38 | Attr = R  ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 03:00:36 | Attr =    ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 10/01/2007 05:59:52 | Attr =    ]
hkwnd.exe -> %ProgramFiles%\Sony\HotKey Utility\HKWnd.exe -> Sony Corporation [Ver = 4, 1, 1, 6260 | Size = 389120 bytes | Modified Date = 26/06/2004 21:48:42 | Attr =    ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 13/09/2007 11:34:21 | Attr =    ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 26/09/2007 13:42:04 | Attr =    ]
sprtcmd.exe -> %ProgramFiles%\O2\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 6,9,2018,0 | Size = 198184 bytes | Modified Date = 08/03/2007 19:21:38 | Attr =    ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 21/06/2007 14:06:28 | Attr =    ]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 6.0.0.2003073000 | Size = 217195 bytes | Modified Date = 30/07/2003 01:52:00 | Attr =    ]
servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 06/11/2006 13:21:10 | Attr =    ]
vztrayicon.exe -> %ProgramFiles%\Sony\vaio entertainment\VzTrayIcon.exe -> Sony Corporation [Ver = 1.1.00.07280 | Size = 208896 bytes | Modified Date = 28/07/2004 16:54:22 | Attr =    ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 26/09/2007 13:41:56 | Attr =    ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe ->  [Ver =  | Size = 1252232 bytes | Modified Date = 01/11/2007 23:48:46 | Attr =    ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 15/04/2007 19:38:47 | Attr =    ]
ssmmgr.exe -> %SystemRoot%\Samsung\PanelMgr\SSMMgr.exe ->  [Ver = 2, 5, 7, 0 | Size = 507904 bytes | Modified Date = 07/06/2006 11:25:14 | Attr =    ]
utorrent.exe -> D:\Wajid\Wajid1\utorrent.exe ->  [Ver =  | Size = 174163 bytes | Modified Date = 11/11/2006 14:54:10 | Attr =    ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307200 bytes | Modified Date = 29/01/2008 11:17:26 | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 | Attr =    ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.53 | Size = 554616 bytes | Modified Date = 11/05/2007 16:03:52 | Attr =    ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 12:31:10 | Attr =    ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr =    ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr =    ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr =    ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.2.0.28 | Size = 49248 bytes | Modified Date = 13/01/2007 03:40:58 | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =    ]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 15/04/2007 19:38:43 | Attr =    ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 03/04/2005 23:41:10 | Attr =    ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 26/09/2007 13:41:56 | Attr =    ]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\isPwdSvc.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 80504 bytes | Modified Date = 14/01/2007 07:11:06 | Attr =    ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.53 | Size = 2983544 bytes | Modified Date = 11/05/2007 16:03:52 | Attr =    ]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr =    ]
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 12/03/2007 17:30:14 | Attr =    ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.6210 | Size = 114754 bytes | Modified Date = 07/07/2004 22:02:00 | Attr =    ]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 06/11/2006 13:21:10 | Attr =    ]
(sprtsvc_O2) SupportSoft Sprocket Service (O2) [Win32_Own | Auto | Running] -> %ProgramFiles%\O2\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 6.9.2224.0 | Size = 202280 bytes | Modified Date = 05/06/2007 08:25:50 | Attr = R  ]
(SupportSoft RemoteAssist) SupportSoft RemoteAssist [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SupportSoft\bin\ssrc.exe -> SupportSoft, Inc. [Ver = 6.9.2555.0 | Size = 382320 bytes | Modified Date = 27/07/2007 06:39:32 | Attr =    ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe ->  [Ver =  | Size = 1252232 bytes | Modified Date = 01/11/2007 23:48:46 | Attr =    ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 05/01/2007 08:19:28 | Attr =    ]
(VAIO Entertainment Aggregation and Control Service) VAIO Entertainment Aggregation and Control Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 118784 bytes | Modified Date = 09/07/2004 04:27:20 | Attr =    ]
(VAIO Entertainment File Import Service) VAIO Entertainment File Import Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 118877 bytes | Modified Date = 09/07/2004 04:26:54 | Attr =    ]
(VAIO Entertainment Task Scheduler) VAIO Entertainment Task Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Sony\vaio entertainment\VzTaskScheduler.exe -> Sony Corporation [Ver = 1.1.00.07280 | Size = 401408 bytes | Modified Date = 28/07/2004 16:51:08 | Attr =    ]
(VAIO Entertainment TV Device Arbitration Service) VAIO Entertainment TV Device Arbitration Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 69632 bytes | Modified Date = 09/07/2004 04:19:04 | Attr =    ]
(VAIO Entertainment UPnP Client Adapter) VAIO Entertainment UPnP Client Adapter [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 278528 bytes | Modified Date = 09/07/2004 04:17:54 | Attr =    ]
(VAIOMediaPlatform-IntegratedServer-AppServer) VAIO Media Integrated Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\VMISrv.exe -> Sony Corporation [Ver = 3.1.00.07090 | Size = 1826816 bytes | Modified Date = 09/07/2004 16:28:14 | Attr =    ]
(VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -> Sony Corporation [Ver = 3.0.00.06160 | Size = 57344 bytes | Modified Date = 16/06/2004 02:42:34 | Attr =    ]
(VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -> Sony Corporation [Ver = 6.0.00.06220 | Size = 733184 bytes | Modified Date = 22/06/2004 10:58:14 | Attr =    ]
(VAIOMediaPlatform-Mobile-Gateway) VAIO Media Gateway Server [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -> Sony Corporation [Ver = 3.1.00.06160 | Size = 188416 bytes | Modified Date = 16/06/2004 02:41:06 | Attr =    ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 01/04/2002 14:15:00 | Attr =    ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %System32%\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0002) built by: WinDDK | Size = 16512 bytes | Modified Date = 17/07/2002 01:05:10 | Attr =    ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys ->  [Ver =  | Size = 11000 bytes | Modified Date = 30/05/2007 12:10:42 | Attr =    ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 30/05/2007 12:10:42 | Attr =    ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(DgiVecp) Team MFP Comm Driver [Kernel | Auto | Stopped] -> %System32%\drivers\DGIVECP.SYS -> Samsung Electronics Co., Ltd. [Ver = 1.1.2.40 | Size = 41984 bytes | Modified Date = 11/08/2004 06:39:38 | Attr =    ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =    ]
(DMICall) Sony DMI Call service [Kernel | System | Running] -> %System32%\drivers\DMICall.sys -> Sony Corporation [Ver = 1.0.01.12050 | Size = 3952 bytes | Modified Date = 05/12/2000 16:18:02 | Attr = R  ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =    ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =    ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.2.0.100 | Size = 389432 bytes | Modified Date = 10/04/2007 08:00:00 | Attr =    ]
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.2.0.100 | Size = 106808 bytes | Modified Date = 10/04/2007 08:00:00 | Attr =    ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 19/09/2006 13:44:04 | Attr =    ]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.04.01 | Size = 197120 bytes | Modified Date = 14/10/2003 16:08:00 | Attr =    ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.04.01 | Size = 1043072 bytes | Modified Date = 14/10/2003 16:04:00 | Attr =    ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(LEX_AS_NIC_SERVICE_YNOS) LAN-Express AS IEEE 802.11g Wireless Network Adapter Service [Kernel | On_Demand | Running] -> %System32%\drivers\ExpasAG.sys -> Atheros Communications, Inc. [Ver = 3.1.2.24 | Size = 392544 bytes | Modified Date = 05/08/2004 08:27:02 | Attr =    ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 09/04/2003 13:48:00 | Attr =    ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070526.023\NAVENG.SYS -> Symantec Corporation [Ver = 20071.2.0.18 | Size = 77688 bytes | Modified Date = 10/04/2007 08:00:00 | Attr =    ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070526.023\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.2.0.18 | Size = 852824 bytes | Modified Date = 10/04/2007 08:00:00 | Attr =    ]
(Nokia USB Generic) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdc.sys -> Nokia [Ver = 6.82.3.0 | Size = 9216 bytes | Modified Date = 10/10/2006 07:54:32 | Attr =    ]
(Nokia USB Modem) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdcm.sys -> Nokia [Ver = 6.82.3.0 | Size = 12800 bytes | Modified Date = 10/10/2006 07:54:32 | Attr =    ]
(Nokia USB Phone Parent) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcd.sys -> Nokia [Ver = 6.82.3.0 | Size = 138240 bytes | Modified Date = 10/10/2006 07:54:34 | Attr =    ]
(Nokia USB Port) Nokia USB Port [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdcj.sys -> Nokia [Ver = 6.82.3.0 | Size = 12800 bytes | Modified Date = 10/10/2006 07:54:32 | Attr =    ]
(nv) nv [Kernel | On_Demand | Running] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.6210 | Size = 2484352 bytes | Modified Date = 07/07/2004 22:02:00 | Attr =    ]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(Pcouffin) Low level access layer for CD devices [Kernel | On_Demand | Running] -> %System32%\drivers\Pcouffin.sys -> VSO Software [Ver = 1.35 | Size = 47360 bytes | Modified Date = 07/01/2007 20:29:36 | Attr =    ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(PrivateDisk) PrivateDisk [Kernel | System | Running] -> %System32%\drivers\privatediskm.sys -> Utimaco Safeware AG [Ver = 1.00.6.7 | Size = 45627 bytes | Modified Date = 06/07/2004 13:07:06 | Attr = R  ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =    ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 18/04/2006 22:34:55 | Attr =    ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(rtl8139) Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver [Kernel | On_Demand | Running] -> %System32%\drivers\R8139n51.sys -> Realtek Semiconductor Corporation [Ver = 5.504.613.2002 built by: WinDDK | Size = 45568 bytes | Modified Date = 13/06/2002 11:37:16 | Attr =    ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys ->  [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 13:53:48 | Attr =    ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 16/02/2006 17:51:08 | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS ->  [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 27/02/2007 12:39:26 | Attr =    ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 10:25:53 | Attr =    ]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(smrt) Sony MPEG RealTime encoder board [Kernel | On_Demand | Running] -> %System32%\drivers\smrt.sys -> Sony Corporation [Ver = 1.2.04.07070 | Size = 774784 bytes | Modified Date = 07/07/2004 16:53:38 | Attr =    ]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3860 | Size = 594048 bytes | Modified Date = 01/10/2003 14:48:24 | Attr =    ]
(SNC) Sony Notebook Control Device [Kernel | On_Demand | Running] -> %System32%\drivers\SonyNC.sys -> Sony Corporation [Ver = 6.0.1.08290 | Size = 48896 bytes | Modified Date = 09/11/2000 19:15:08 | Attr =    ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 3.2.1.3 | Size = 417592 bytes | Modified Date = 01/02/2007 02:21:02 | Attr =    ]
(SRTSP) SRTSP [File_System | On_Demand | Running] -> %System32%\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 279088 bytes | Modified Date = 30/11/2007 23:57:12 | Attr =    ]
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> %System32%\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 317616 bytes | Modified Date = 30/11/2007 23:57:12 | Attr =    ]
(SRTSPX) SRTSPX [Kernel | System | Running] -> %System32%\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 43696 bytes | Modified Date = 30/11/2007 23:57:12 | Attr =    ]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %System32%\drivers\symdns.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 12848 bytes | Modified Date = 30/10/2007 19:55:14 | Attr =    ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 14/01/2008 14:52:44 | Attr =    ]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %System32%\drivers\symfw.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 145968 bytes | Modified Date = 30/10/2007 19:55:20 | Attr =    ]
(SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %System32%\drivers\symids.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 39856 bytes | Modified Date = 30/10/2007 19:55:28 | Attr =    ]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070525.001\SymIDSCo.sys -> Symantec Corporation [Ver = 7.2.1.1 | Size = 185976 bytes | Modified Date = 14/02/2007 15:51:40 | Attr =    ]
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %System32%\drivers\symndis.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 35120 bytes | Modified Date = 30/10/2007 19:55:24 | Attr =    ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %System32%\drivers\symredrv.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 27696 bytes | Modified Date = 30/10/2007 19:55:34 | Attr =    ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %System32%\drivers\symtdi.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 191536 bytes | Modified Date = 30/10/2007 19:55:38 | Attr =    ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(tifmsony) tifmsony [Kernel | On_Demand | Running] -> %System32%\drivers\tifmsony.sys -> Texas Instruments [Ver = 1.0.2.0 | Size = 65024 bytes | Modified Date = 21/05/2004 13:46:50 | Attr =    ]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.04.01 built by: WinDDK | Size = 679808 bytes | Modified Date = 14/10/2003 16:05:00 | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 11/05/2007 02:06:32 | Attr =    ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 10/01/2007 05:59:52 | Attr =    ]
HKSERV.EXE -> %ProgramFiles%\Sony\HotKey Utility\HKServ.exe -> Sony Corporation [Ver = 4, 1, 1, 6290 | Size = 122880 bytes | Modified Date = 29/06/2004 21:49:34 | Attr =    ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 26/09/2007 13:42:04 | Attr =    ]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.6210 | Size = 4136960 bytes | Modified Date = 07/07/2004 22:02:00 | Attr =    ]
O2 -> %ProgramFiles%\O2\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 6,9,2018,0 | Size = 198184 bytes | Modified Date = 08/03/2007 19:21:38 | Attr =    ]
osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 771704 bytes | Modified Date = 14/01/2007 07:11:10 | Attr =    ]
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 82, 70, 2 | Size = 222720 bytes | Modified Date = 28/11/2006 13:12:12 | Attr =    ]
PDService.exe -> %ProgramFiles%\Utimaco\SafeGuard PrivateDisk\pdservice.exe -> Utimaco Safeware AG [Ver = 1.00.6.7 | Size = 40960 bytes | Modified Date = 06/07/2004 13:15:38 | Attr = R  ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 29/06/2007 05:24:52 | Attr =    ]
Samsung PanelMgr -> %SystemRoot%\Samsung\PanelMgr\SSMMgr.exe ->  [Ver = 2, 5, 7, 0 | Size = 507904 bytes | Modified Date = 07/06/2006 11:25:14 | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 03:00:36 | Attr =    ]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 12/03/2007 17:30:14 | Attr =    ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 13/09/2007 11:34:21 | Attr =    ]
VAIO Update 2 -> %ProgramFiles%\Sony\vaio update 2\VAIOUpdt.exe -> Sony Corporation [Ver = 2, 1, 2, 1140 | Size = 151552 bytes | Modified Date = 14/01/2005 12:43:28 | Attr =    ]
VZRemoteCommander -> %ProgramFiles%\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe ->  [Ver = 1.1.01.08050 | Size = 184320 bytes | Modified Date = 05/08/2004 15:23:34 | Attr =    ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
->  -> File not found
AdobeUpdater -> %CommonProgramFiles%\Adobe\Updater5\AdobeUpdater.exe -> Adobe Systems Incorporated [Ver = 5, 1, 0, 1082 | Size = 2321600 bytes | Modified Date = 01/03/2007 09:37:52 | Attr = R  ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 21/06/2007 14:06:28 | Attr =    ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 15/04/2007 19:38:47 | Attr =    ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Acrobat Assistant.lnk -> %ProgramFiles%\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 6.0.0.2003073000 | Size = 217195 bytes | Modified Date = 30/07/2003 01:52:00 | Attr =    ]
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 06/08/2002 13:37:50 | Attr =    ]
%AllUsersStartup%\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.940.34809.beta | Size = 124912 bytes | Modified Date = 08/08/2007 16:14:52 | Attr =    ]
%AllUsersStartup%\Recording Status.lnk -> %ProgramFiles%\Sony\vaio entertainment\VzTrayIcon.exe -> Sony Corporation [Ver = 1.1.00.07280 | Size = 208896 bytes | Modified Date = 28/07/2004 16:54:22 | Attr =    ]
< Nazam Hussain Startup Folder > -> C:\Documents and Settings\Nazam Hussain\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 30/05/2007 12:29:58 | Attr =    ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 13:55:48 | Attr =    ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19/04/2007 13:41:36 | Attr =    ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCMD -> 0 ->
< HOSTS File > (4102 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 83 domain(s) found. ->
sony-europe.com .[*] -> Trusted sites ->
sonystyle-europe.com .[*] -> Trusted sites ->
vaio-link.com .[*] -> Trusted sites ->
4 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 19 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 05/01/2006 12:30:40 | Attr =    ]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\NppBHO.dll [Reg Error: Value  does not exist or could not be read.] -> Symantec Corporation [Ver = 2007.1.5.29 | Size = 96936 bytes | Modified Date = 12/01/2007 07:04:50 | Attr = R  ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 03:00:35 | Attr =    ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 615, 5858 | Size = 654832 bytes | Modified Date = 08/08/2007 16:14:56 | Attr =    ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R  ]
{90222687-F593-4738-B738-FBEE9C7B26DF} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2007.1.5.29 | Size = 607888 bytes | Modified Date = 12/01/2007 07:05:00 | Attr = R  ]
{D0943516-5076-4020-A3B5-AEFAF26AB263} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [Veoh Browser Plug-in] -> Veoh Networks Inc [Ver = 1.0.1.6 | Size = 352256 bytes | Modified Date = 03/10/2007 16:21:58 | Attr =    ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 05/01/2006 12:30:40 | Attr =    ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R  ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R  ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 05/01/2006 12:30:40 | Attr =    ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 03:00:35 | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 03:00:35 | Attr =    ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 03:00:35 | Attr =    ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 ->  ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0AD556B7-CE2B-426E-A401-F5D456FD8276} ->    (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{1335DBA4-071C-426E-9B58-955733A6F006} ->    (Windows Mobile-based Device) ->
{2647C2CD-5992-467D-BFDC-838210AA5A62} ->    (LAN-Express AS IEEE 802.11g miniPCI Adapter) ->
{55186764-8139-4AE9-9EE6-9C1B67CB2939} ->    (1394 Net Adapter) ->
{67C386F0-A76E-4280-BCC6-20BEE05B999F} ->    () ->
{BC963A18-731B-458B-B7A7-DC142A0D2D47} ->    (1394 Net Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
mctp:{d7b95390-b1c5-11d0-b111-0080c712fe82} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft ActiveSync\aatp.dll[mctp: Asynchronous Pluggable Protocol Handler] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{193C772A-87BE-4B19-A7BB-445B226FE9A1}[HKEY_LOCAL_MACHINE] -> http://downloads.ewido.net/ewidoOnlineScan.cab[ewidoOnlineScan Control] ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[Symantec AntiVirus scanner] ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] ->
{7B297BFD-85E4-4092-B2AF-16A91B2EA103}[HKEY_LOCAL_MACHINE] -> http://www3.ca.com/securityadvisor/virusinfo/webscan.cab[WScanCtl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_05] ->
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab[Java Plug-in 1.5.0_07] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =    ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 17:49:30 | Attr =    ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =    ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 14:21:15 | Attr =    ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =    ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 632 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =    ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 240260 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0 [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0 [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0 [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0 [26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Wajid\Wajid1\utorrent.exe -> D:\Wajid\Wajid1\utorrent.exe [D:\Wajid\Wajid1\utorrent.exe:*:Enabled:µTorrent] ->  [Ver =  | Size = 174163 bytes | Modified Date = 11/11/2006 14:54:10 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Wajid\utorrent.exe -> D:\Wajid\utorrent.exe [D:\Wajid\utorrent.exe:*:Enabled:µTorrent] ->  [Ver =  | Size = 177152 bytes | Modified Date = 17/02/2007 14:44:21 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 13/10/2004 16:24:37 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Veoh Networks\Veoh\VeohClient.exe -> C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client] -> Veoh Networks [Ver = 3.5.1.1036 | Size = 3313664 bytes | Modified Date = 17/10/2007 00:29:50 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.4.3.1 | Size = 15997240 bytes | Modified Date = 26/09/2007 13:41:58 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\O2\bin\wificfg.exe -> C:\Program Files\O2\bin\wificfg.exe [C:\Program Files\O2\bin\wificfg.exe:*:Enabled:sprtcmd.exe] -> SupportSoft, Inc. [Ver = 6.9.2224.0 | Size = 136744 bytes | Modified Date = 20/06/2007 08:36:22 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\O2\agent\bin\bcont.exe -> C:\Program Files\O2\agent\bin\bcont.exe [C:\Program Files\O2\agent\bin\bcont.exe:*:Enabled:bcont.exe] -> SupportSoft, Inc. [Ver = 6.9.2258.0 | Size = 1000056 bytes | Modified Date = 06/08/2007 08:01:06 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -> C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe:*:Enabled:ssrc.exe] -> SupportSoft, Inc. [Ver = 6.9.2555.0 | Size = 382320 bytes | Modified Date = 27/07/2007 06:39:32 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\O2\agent\bin\bcont_nm.exe -> C:\Program Files\O2\agent\bin\bcont_nm.exe [C:\Program Files\O2\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe] -> SupportSoft, Inc. [Ver = 6.9.2258.0 | Size = 1278584 bytes | Modified Date = 20/07/2007 10:53:14 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0 [26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->
BootExecute -> autocheck autochk *; ->
ExcludeFromKnownDlls ->  ->
*PendingFileRenameOperations* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\PendingFileRenameOperations ->
\??\C:\DOCUME~1\NAZAMH~1\LOCALS~1\Temp\symlcsv1.exe [\??\C:\DOCUME~1\NAZAMH~1\LOCALS~1\Temp\symlcsv1.exe]  -> %LocalSettings%\Temp\symlcsv1.exe [%LocalSettings%\Temp\symlcsv1.exe] ->  [Ver =  | Size = 58760 bytes | Modified Date = 29/01/2008 08:02:50 | Attr =    ]
*MultiFile Done* -> ->
< Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->
ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =    ]
TEMP -> %SystemRoot%\TEMP ->
TMP -> %SystemRoot%\TEMP ->
windir -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
C:\Program Files\PC Connectivity Solution\ -> %ProgramFiles%\PC Connectivity Solution ->  [Folder | Modified Date = 23/06/2007 17:23:16 | Attr =    ]
%SystemRoot%\system32 -> %System32% ->  [Folder | Modified Date = 28/01/2008 18:12:30 | Attr =    ]
%SystemRoot% -> %SystemRoot% ->  [Folder | Modified Date = 20/01/2008 23:46:33 | Attr =    ]
%SystemRoot%\System32\Wbem -> %System32%\wbem ->  [Folder | Modified Date = 12/02/2007 19:09:07 | Attr =    ]
C:\Program Files\Common Files\Teleca Shared ->  -> File not found
C:\Program Files\QuickTime\QTSystem\ -> %ProgramFiles%\QuickTime\QTSystem ->  [Folder | Modified Date = 08/10/2007 19:50:06 | Attr =    ]
*MultiFile Done* -> ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM -> .COM -> File not found
.EXE -> .EXE -> File not found
.BAT -> .BAT -> File not found
.CMD -> .CMD -> File not found
.VBS -> .VBS -> File not found
.VBE -> .VBE -> File not found
.JS -> .JS -> File not found
.JSE -> .JSE -> File not found
.WSF -> .WSF -> File not found
.WSH -> .WSH -> File not found
*MultiFile Done* -> ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\\tWhiteList -> Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreen|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideToolbarEditing|ShowHideToolbarCommenting|ShowHideToolbarEdit|ShowHideToolbarFile|ShowHideToolbarFind|ShowHideToolbarForms|ShowHideToolbarMeasuring|ShowHideToolbarData|ShowHideToolbarPageDisplay|ShowHideToolbarNavigation|ShowHideToolbarPrintProduction|ShowHideToolbarRedaction|ShowHideToolbarBasicTools|ShowHideToolbarTasks|ShowHideToolbarTypewriter|PropertyToolbar|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForwardDoc|HelpUserGuide|HelpReader ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\\tBuiltInPermList -> version:1|.ade [version:1|.ade:3|.adp:3|.app:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\\tSchemePerms -> version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\AllowLockdownMedia -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\AllowLockdownBrowse -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\\Enabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes ->
ADE ->  -> File not found
ADP ->  -> File not found
BAS ->  -> File not found
BAT ->  -> File not found
CHM ->  -> File not found
CMD -> %System32%\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =    ]
COM ->  -> File not found
CPL ->  -> File not found
CRT ->  -> File not found
EXE ->  -> File not found
HLP ->  -> File not found
HTA ->  -> File not found
INF ->  -> File not found
INS ->  -> File not found
ISP ->  -> File not found
LNK ->  -> File not found
MDB ->  -> File not found
MDE ->  -> File not found
MSC ->  -> File not found
MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 18/04/2007 16:12:23 | Attr =    ]
MSP ->  -> File not found
MST ->  -> File not found
OCX ->  -> File not found
PCD ->  -> File not found
PIF ->  -> File not found
REG -> %System32%\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =    ]
SCR ->  -> File not found
SHS ->  -> File not found
URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 37888 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =    ]
VB ->  -> File not found
WSC ->  -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified ->  ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize ->
̋ ->  -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified ->  ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize ->
ȅ ->  -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified ->  ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize ->
Ζ ->  -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified ->  ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize ->
å ->  -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified ->  ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize ->
Ų ->  -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Utimaco\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Utimaco\SafeGuard PrivateDisk\ -> ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->


[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 535678976 bytes | Created Date = 14/01/2008 15:30:06 | Attr =  HS]
dumphive.exe -> %System32%\dumphive.exe ->  [Ver =  | Size = 51200 bytes | Created Date = 14/01/2008 15:19:03 | Attr =    ]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 81920 bytes | Created Date = 14/01/2008 15:19:03 | Attr =    ]
NtmsData -> %System32%\NtmsData ->  [Folder | Created Date = 05/01/2008 15:36:36 | Attr =    ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 14/01/2008 15:19:03 | Attr =    ]
VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver =  | Size = 289144 bytes | Created Date = 14/01/2008 15:19:03 | Attr =    ]
WS2Fix.exe -> %System32%\WS2Fix.exe ->  [Ver =  | Size = 25600 bytes | Created Date = 14/01/2008 15:19:03 | Attr =    ]
{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini -> %SystemRoot%\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini ->  [Ver =  | Size = 728 bytes | Created Date = 20/01/2008 23:46:06 | Attr =    ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 24/01/2008 22:29:56 | Attr =    ]
TEMP -> %AllUsersAppData%\TEMP ->  [Folder | Created Date = 14/01/2008 14:35:51 | Attr =    ]
@Alternate Data Stream - 119 bytes -> %AllUsersAppData%\TEMP:18B7103A
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 24/01/2008 22:29:44 | Attr =    ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 784 bytes | Created Date = 24/01/2008 22:29:47 | Attr =    ]
01 - Jennifer Lopez - Love Dont Cost A Thing.mp3 -> %UserDesktop%\01 - Jennifer Lopez - Love Dont Cost A Thing.mp3 ->  [Ver =  | Size = 6224000 bytes | Created Date = 21/01/2008 21:51:26 | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\01 - Jennifer Lopez - Love Dont Cost A Thing.mp3:Zone.Identifier
HijackThis.exe -> %UserDesktop%\HijackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 14/01/2008 16:16:33 | Attr =    ]
LA795035 Title register-339 bburn road.pdf -> %UserDesktop%\LA795035 Title register-339 bburn road.pdf ->  [Ver =  | Size = 5057 bytes | Created Date = 21/01/2008 09:06:24 | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\LA795035 Title register-339 bburn road.pdf:Zone.Identifier
New Folder -> %UserDesktop%\New Folder ->  [Folder | Created Date = 26/01/2008 12:44:00 | Attr =    ]
Ni Nachele Mix.wav -> %UserDesktop%\Ni Nachele Mix.wav ->  [Ver =  | Size = 10099874 bytes | Created Date = 20/01/2008 21:13:07 | Attr =    ]
O2 Broadband Assistant.lnk -> %UserDesktop%\O2 Broadband Assistant.lnk ->  [Ver =  | Size = 1939 bytes | Created Date = 20/01/2008 23:46:21 | Attr =    ]
Pehla Pehla Pyar Remix.wav -> %UserDesktop%\Pehla Pehla Pyar Remix.wav ->  [Ver =  | Size = 7949804 bytes | Created Date = 26/01/2008 20:48:42 | Attr =    ]
Prison[1].Break.S03E11.HDTV.XviD-XOR.torrent -> %UserDesktop%\Prison[1].Break.S03E11.HDTV.XviD-XOR.torrent ->  [Ver =  | Size = 15797 bytes | Created Date = 29/01/2008 17:48:19 | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Prison[1].Break.S03E11.HDTV.XviD-XOR.torrent:Zone.Identifier
SmitfraudFix -> %UserDesktop%\SmitfraudFix ->  [Folder | Created Date = 14/01/2008 15:19:01 | Attr =    ]
SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe ->  [Ver =  | Size = 1129580 bytes | Created Date = 14/01/2008 15:12:32 | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SmitfraudFix.exe:Zone.Identifier
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe ->  [Ver =  | Size = 5914648 bytes | Created Date = 24/01/2008 22:26:08 | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 29/01/2008 17:45:58 | Attr =    ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478100 bytes | Created Date = 29/01/2008 17:45:46 | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 24/01/2008 22:28:20 | Attr =    ]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 535678976 bytes | Modified Date = 29/01/2008 07:58:19 | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 28/01/2008 21:28:48 | Attr = R  ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 20/01/2008 23:46:33 | Attr =    ]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 24/01/2008 23:00:45 | Attr =    ]
hosts -> %System32%\drivers\etc\hosts ->  [Ver =  | Size = 4102 bytes | Modified Date = 14/01/2008 15:19:43 | Attr =    ]
SYMEVENT.CAT -> %System32%\drivers\SYMEVENT.CAT ->  [Ver =  | Size = 10740 bytes | Modified Date = 14/01/2008 14:52:44 | Attr =    ]
SYMEVENT.INF -> %System32%\drivers\SYMEVENT.INF ->  [Ver =  | Size = 805 bytes | Modified Date = 14/01/2008 14:52:44 | Attr =    ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 14/01/2008 14:52:44 | Attr =    ]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 28/01/2008 21:30:31 | Attr =    ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 10/01/2008 05:08:08 | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 14/01/2008 14:52:39 | Attr =    ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 161136 bytes | Modified Date = 06/01/2008 03:27:24 | Attr =    ]
NtmsData -> %System32%\NtmsData ->  [Folder | Modified Date = 05/01/2008 15:41:52 | Attr =    ]
nvapps.xml -> %System32%\nvapps.xml ->  [Ver =  | Size = 4452 bytes | Modified Date = 29/01/2008 07:59:21 | Attr =    ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.2.2 | Size = 60800 bytes | Modified Date = 14/01/2008 14:52:44 | Attr =    ]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 29/01/2008 07:59:33 | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 09/01/2008 05:32:35 | Attr =  H ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 29/01/2008 07:58:25 | Attr =   S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini ->  [Ver =  | Size = 3527 bytes | Modified Date = 15/01/2008 19:54:34 | Attr =    ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 10/01/2008 09:39:39 | Attr =   S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 03/01/2008 11:08:17 | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 10/01/2008 05:07:59 | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 27/01/2008 17:20:44 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 24/01/2008 22:29:51 | Attr =  HS]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 29/01/2008 17:56:48 | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 29/01/2008 07:59:59 | Attr =  H ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 06/01/2008 02:00:52 | Attr =    ]
system32 -> %System32% ->  [Folder | Modified Date = 28/01/2008 18:12:30 | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 14/01/2008 15:19:43 | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 29/01/2008 17:18:11 | Attr =    ]
{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini -> %SystemRoot%\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini ->  [Ver =  | Size = 728 bytes | Modified Date = 20/01/2008 23:46:30 | Attr =    ]
A72AC4B591CD7851.job -> %SystemRoot%\tasks\A72AC4B591CD7851.job ->  [Ver =  | Size = 286 bytes | Modified Date = 29/01/2008 17:00:00 | Attr =  H ]
Norton Internet Security - Run Full System Scan - Nazam Hussain.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - Nazam Hussain.job ->  [Ver =  | Size = 638 bytes | Modified Date = 28/01/2008 21:03:05 | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 29/01/2008 07:58:35 | Attr =  H ]
{22BA5EBE-D659-45B7-9AB0-2356B7031272}_ANISHA_Nazam Hussain.job -> %SystemRoot%\tasks\{22BA5EBE-D659-45B7-9AB0-2356B7031272}_ANISHA_Nazam Hussain.job ->  [Ver =  | Size = 406 bytes | Modified Date = 25/01/2008 16:00:00 | Attr =  H ]
{8E00338B-AB45-4467-AB49-425216E01E02}_ANISHA_Nazam Hussain.job -> %SystemRoot%\tasks\{8E00338B-AB45-4467-AB49-425216E01E02}_ANISHA_Nazam Hussain.job ->  [Ver =  | Size = 406 bytes | Modified Date = 29/01/2008 16:00:00 | Attr =  H ]
{A2790A0C-2CC2-4208-A689-8D3FA45DFF79}_ANISHA_Nazam Hussain.job -> %SystemRoot%\tasks\{A2790A0C-2CC2-4208-A689-8D3FA45DFF79}_ANISHA_Nazam Hussain.job ->  [Ver =  | Size = 406 bytes | Modified Date = 29/01/2008 09:00:01 | Attr =  H ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 1307 bytes | Modified Date = 06/08/2007 16:37:35 | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4617 bytes | Modified Date = 09/01/2008 05:32:40 | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 09/01/2008 05:32:40 | Attr =    ]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1372 bytes | Modified Date = 04/11/2007 17:42:22 | Attr =    ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 31/07/2005 17:36:11 | Attr =    ]
wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat ->  [Ver =  | Size = 863352 bytes | Modified Date = 27/01/2008 21:01:22 | Attr =    ]
wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat ->  [Ver =  | Size = 863352 bytes | Modified Date = 27/01/2008 21:01:22 | Attr =    ]
SSUPDATE.EXE -> C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 146672 bytes | Modified Date = 21/06/2007 14:07:10 | Attr =    ]
symlcsv1.exe -> C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\symlcsv1.exe ->  [Ver =  | Size = 58760 bytes | Modified Date = 29/01/2008 08:02:50 | Attr =    ]
2 C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\*.tmp ->
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Driving Test Success -> %AllUsersAppData%\Driving Test Success ->  [Folder | Modified Date = 09/01/2008 10:47:59 | Attr =    ]
Google Updater -> %AllUsersAppData%\Google Updater ->  [Folder | Modified Date = 28/01/2008 19:35:39 | Attr =    ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 24/01/2008 22:29:56 | Attr =    ]
TEMP -> %AllUsersAppData%\TEMP ->  [Folder | Modified Date = 14/01/2008 15:07:59 | Attr =    ]
@Alternate Data Stream - 119 bytes -> %AllUsersAppData%\TEMP:18B7103A
GDIPFONTCACHEV1.DAT -> %UserAppData%\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 34576 bytes | Modified Date = 07/01/2008 19:24:40 | Attr =    ]
NMM-MetaData.db -> %UserAppData%\NMM-MetaData.db ->  [Ver =  | Size = 865292 bytes | Modified Date = 29/01/2008 17:41:31 | Attr =    ]
Nokia Multimedia Player -> %UserAppData%\Nokia Multimedia Player ->  [Folder | Modified Date = 26/01/2008 23:40:20 | Attr =    ]
STYLE SAVE -> %UserAppData%\STYLE SAVE ->  [Folder | Modified Date = 28/01/2008 21:28:49 | Attr =    ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 24/01/2008 22:29:44 | Attr =    ]
uTorrent -> %UserAppData%\uTorrent ->  [Folder | Modified Date = 29/01/2008 17:58:03 | Attr =    ]
Vso -> %UserAppData%\Vso ->  [Folder | Modified Date = 06/01/2008 01:08:53 | Attr =    ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 123392 bytes | Modified Date = 27/01/2008 22:32:02 | Attr =    ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 34576 bytes | Modified Date = 27/01/2008 01:18:03 | Attr =    ]
My Music -> %UserDocuments%\My Music ->  [Folder | Modified Date = 03/01/2008 11:12:05 | Attr = R  ]
My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Modified Date = 27/01/2008 17:24:59 | Attr = R  ]
My PSP8 Files -> %UserDocuments%\My PSP8 Files ->  [Folder | Modified Date = 12/01/2008 15:33:52 | Attr =    ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk ->  [Ver =  | Size = 2137 bytes | Modified Date = 29/01/2008 13:33:08 | Attr =    ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 784 bytes | Modified Date = 24/01/2008 22:29:47 | Attr =    ]
01 - Jennifer Lopez - Love Dont Cost A Thing.mp3 -> %UserDesktop%\01 - Jennifer Lopez - Love Dont Cost A Thing.mp3 ->  [Ver =  | Size = 6224000 bytes | Modified Date = 27/01/2008 17:13:02 | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\01 - Jennifer Lopez - Love Dont Cost A Thing.mp3:Zone.Identifier
Abel Theory Test.lnk -> %UserDesktop%\Abel Theory Test.lnk ->  [Ver =  | Size = 722 bytes | Modified Date = 19/01/2008 12:02:26 | Attr =    ]
Coursework -> %UserDesktop%\Coursework ->  [Folder | Modified Date = 29/01/2008 08:35:05 | Attr = R  ]
LA795035 Title register-339 bburn road.pdf -> %UserDesktop%\LA795035 Title register-339 bburn road.pdf ->  [Ver =  | Size = 5057 bytes | Modified Date = 21/01/2008 09:06:27 | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\LA795035 Title register-339 bburn road.pdf:Zone.Identifier
Microsoft Word.lnk -> %UserDesktop%\Microsoft Word.lnk ->  [Ver =  | Size = 2483 bytes | Modified Date = 28/01/2008 13:33:41 | Attr =    ]
New Folder -> %UserDesktop%\New Folder ->  [Folder | Modified Date = 26/01/2008 12:50:55 | Attr =    ]
Ni Nachele Mix.wav -> %UserDesktop%\Ni Nachele Mix.wav ->  [Ver =  | Size = 10099874 bytes | Modified Date = 20/01/2008 21:13:08 | Attr =    ]
O2 Broadband Assistant.lnk -> %UserDesktop%\O2 Broadband Assistant.lnk ->  [Ver =  | Size = 1939 bytes | Modified Date = 20/01/2008 23:46:21 | Attr =    ]
Pehla Pehla Pyar Remix.wav -> %UserDesktop%\Pehla Pehla Pyar Remix.wav ->  [Ver =  | Size = 7949804 bytes | Modified Date = 26/01/2008 20:48:42 | Attr =    ]
Prison[1].Break.S03E11.HDTV.XviD-XOR.torrent -> %UserDesktop%\Prison[1].Break.S03E11.HDTV.XviD-XOR.torrent ->  [Ver =  | Size = 15797 bytes | Modified Date = 29/01/2008 17:48:19 | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Prison[1].Break.S03E11.HDTV.XviD-XOR.torrent:Zone.Identifier
SmitfraudFix -> %UserDesktop%\SmitfraudFix ->  [Folder | Modified Date = 14/01/2008 15:27:30 | Attr =    ]
SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe ->  [Ver =  | Size = 1129580 bytes | Modified Date = 14/01/2008 15:12:32 | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SmitfraudFix.exe:Zone.Identifier
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe ->  [Ver =  | Size = 5914648 bytes | Modified Date = 24/01/2008 22:26:08 | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 29/01/2008 17:53:35 | Attr =    ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478100 bytes | Modified Date = 29/01/2008 17:45:49 | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Symantec Shared -> %CommonProgramFiles%\Symantec Shared ->  [Folder | Modified Date = 29/01/2008 08:02:12 | Attr =    ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 24/01/2008 22:28:20 | Attr =    ]

[Manual Scans]
< C:\Documents and Settings\All Users\Application Data\title tool face bin\*.* /s >
C:\Documents and Settings\All Users\Application Data\title tool face bin\ ->  -> File not found
< End of report >


I'm not having any further problems with the computer, so thank you for all your help, but I can still see all the hidden files. I don't mind being able to see them, as I was previously trying to unhide them. The only problem I have is I've got a lot of album art files that are showing and I don't know whether I should delete them.